Finn Fysj via FreeIPA-users wrote: > I have a running IPA server which has both POSIX and NON-POSIX User Groups. > However, I'm not using FreeIPA in a classic manner, mostly just as a LDAP > server with GUI making it easier for end users to manage their stuff. > > I'm curious if there's a difference between Users or Users Groups when > assigning these to a POSIX or NON-POSIX user group? > E.g > > A user was not able to SSH into a machine because the user couldn't be found > as a member of the group: > $ getent group test-group > test-group:*:5010: > > In the example above, I have attached memebership to another User Group: > end_users --> test-group. However, if give a user in end_users direct access > to the test-group, they can successfully SSH and they're shown in the getent > command: > > $ getent group test-group > test-group:*:5010:userX > > Of course, with NON-POSIX group I'm not able to run any commands, but I > haven't had any problems when I
Seems like you sent this early. But the answer is: you answered your own question. A non-POSIX group won't show membership on POSIX systems. Non-POSIX groups are meant for things like HBAC and SUDO groups where you don't necessarily want to grant filesystem access to the group files (there likely won't be any). rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
