[Freeipa-users] Re: [EXTERNAL] Re: Can an IPA user be member of a local group

Wed, 27 Jan 2021 04:29:19 -0800 

Please excuse a possible thread hijack

Is this (IPA)global or can it be done on select hosts ?

______________________________________________________________________________________________

Daniel E. White
[email protected]<mailto:[email protected]>
NASCOM Linux Engineer
NASA Goddard Space Flight Center
Science Applications International Corporation (SAIC)
Office: (301) 286-6919
Mobile: (240) 513-5290

From: FreeIPA-Users <[email protected]>
Reply-To: FreeIPA-Users <[email protected]>
Date: Wednesday, January 27, 2021 at 07:19
To: FreeIPA-Users <[email protected]>
Cc: Ronald Wimmer <[email protected]>, Alexander Bokovoy <[email protected]>
Subject: [EXTERNAL] [Freeipa-users] Re: Can an IPA user be member of a local 
group

On ke, 27 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
I would like an IPA user to be member of the local 'docker' group. Is
this possible?

Yes. This is called 'group merging'.

You need to have the following in your nsswitch.conf:
# Allow initgroups to default to the setting for group.
initgroups: sss [SUCCESS=merge] files

Then create 'docker' group in IPA, add IPA user there. glibc on the host
will merge groups membership from SSSD witht he group membership from
'files' provider.

https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.redhat.com%2Fshow_bug.cgi%3Fid%3D1298975&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601711415%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Iiy7WSgtEOxJQboDU7SpsX1feFqNX6fWGEnWvQ7vmgY%3D&amp;reserved=0
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fglibc%2Fwiki%2FProposals%2FGroupMerging&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601711415%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=WiX8ms2MOZZ2o5oyPU3jhlYHy3V2UrZUlL8QTwRXLHU%3D&amp;reserved=0
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsgallagh.wordpress.com%2F2016%2F01%2F28%2Fremote-group-merging-for-fedora%2F&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601721365%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Z0qdb0NhAJTeVA20N%2BVMRkLVH%2FsRz7d4WKqZoDigqSk%3D&amp;reserved=0



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- 
[email protected]<mailto:[email protected]>
To unsubscribe send an email to 
[email protected]<mailto:[email protected]>
Fedora Code of Conduct: 
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601721365%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Iny3ut76ogw8XcUQ%2B1tyxB0gIDC1BrfAeiiDRDDEiMQ%3D&amp;reserved=0
List Guidelines: 
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601721365%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=PS9eHFk5i2QoRzZofQVmTBttE6U08boN7%2Ft4Q2Yz5oE%3D&amp;reserved=0
List Archives: 
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&amp;data=04%7C01%7Cdaniel.e.white%40nasa.gov%7C4a86acd16b2c47d6eec208d8c2bdc541%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637473467601721365%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=3wHKKMrcoVa9qRlV3zbAKxA352h7QpESVzEwcXvluBc%3D&amp;reserved=0


_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
  • [Freeipa-users] Can ... Ronald Wimmer via FreeIPA-users
    • [Freeipa-users]... Alexander Bokovoy via FreeIPA-users
      • [Freeipa-us... White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users
        • [Freeip... Ronald Wimmer via FreeIPA-users
          • [Fr... Alexander Bokovoy via FreeIPA-users
            • ... Ronald Wimmer via FreeIPA-users
              • ... Alexander Bokovoy via FreeIPA-users
                • ... Ronald Wimmer via FreeIPA-users
                • ... Alexander Bokovoy via FreeIPA-users
                • ... Ronald Wimmer via FreeIPA-users
                • ... Alexander Bokovoy via FreeIPA-users
                • ... Ronald Wimmer via FreeIPA-users
                • ... Alexander Bokovoy via FreeIPA-users

Reply via email to