On Mon, 2012-05-07 at 18:01 -0700, David Copperfield wrote: > Hi, > > > Can I change the default user group for new users to something else? > and disable automatically creation of private groups?
Yes, and yes, although I wouldn't recommend so if you have more than a couple hundred users as that group will become enormous and will slow down clients trying to fetch and cache all the memberships. Having a common primary group is also often a security problem because the default netmask on Linux machines is 220 meaning that all users can read/write each other user' files by default if they all share the same group. > > Basically I migrates hundreds of Linux accounts from openldap to IPA, > and those users have a default group 'exampleGroup' with GID <500. And > it is company policy to have all users to use the same container user > group, and disable private groups. To change the default primary group you can simply locate the ipaDefaultPrimaryGroup attribute and change it from ipausers to whatever you want to use. > So can I change the IPA policy to change the default user group from > 'ipausers' to some thing else to 'exampleGroup'? what's the > immediately and potential effect on adjustment? Thanks. > See above. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users