On to, 28 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
On 28.01.21 19:52, Alexander Bokovoy via FreeIPA-users wrote:
On to, 28 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
GID: 63
[root@master ~]# ipa group-add-member audio --users testuser
Group name: audio
GID: 63
Member users: testuser
-------------------------
Number of members added 1
-------------------------
[root@master ~]# getent initgroups testuser
testuser 63
[root@master ~]#
Now, if I'd add 'testuser' to 'video' group in /etc/group,
'video' will
be in the list of groups 'testuser' is a member of:
[root@master ~]# fgrep testuser /etc/group
video:x:39:testuser
[root@master ~]# getent initgroups testuser
testuser 63 39
This is on RHEL 8.
On my server (Oracle Linux 8.3) fgrep
/etc/authselect/user-nsswitch.conf returns nothing.
What I did:
- Added "initgroups: sss [SUCCESS=merge] files" as first line
in /etc/nsswitch.conf
- Create [email protected] user in IPA
- usermod -a -G docker [email protected]
getent initgroups [email protected] returns just the user name.
So it seems not to work. Or am I missing something?
Can you test it without the domain suffix? E.g. non-fully qualified. May
be this is causing some issues? -- / Alexander Bokovoy
getent initgroups does return just the user name in either case.
Sorry, I have no Oracle Linux 8.3 at hand. It works for me on RHEL and
Fedora so I know this is working at least with glibc 2.28 in RHEL 8 and
default FreeIPA deployment options.
Just one more question. Was the initgroups feature backported to glibc
for RHEL or should this work in any distro shipping glibc >= 2.28?
It is part of glibc since 2016, almost five years already. I think first
glibc release that had it included was 2.24.
https://sourceware.org/git/?p=glibc.git;a=commit;h=ced8f8933673f4efda1d666d26a1a949602035ed
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
