On Mon, 2012-05-07 at 18:01 -0700, David Copperfield wrote:
> Hi,
>  Can I change the default user group for new users to something else?
> and disable automatic creation of private groups?

Yes, and yes, although I wouldn't recommend so if you have more than a
couple hundred users as that group will become enormous and will slow
down clients trying to fetch and cache all the memberships.

Having a common primary group is also often a security problem because
the default netmask on Linux machines is 220 meaning that all users can
read/write each other user's files by default if they all share the same

>  Basically I migrated hundreds of Linux accounts from openldap to IPA,
> and those users have a default group 'exampleGroup' with GID <500. And
> it is company policy to have all users use the same container user
> group, and disable private groups.

To change the default primary group you can simply locate the
ipaDefaultPrimaryGroup attribute and change it from ipausers to whatever
you want to use.

>  So can I change the IPA policy to change the default user group from
> 'ipausers' to something else to 'exampleGroup'? What's the
> immediate and potential effect on adjustment? Thanks.

See above.


Simo Sorce * Red Hat, Inc * New York
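
An added example, not part of the original message or of FreeIPA: a Python audit for the exposure the reply describes, listing files that belong to a shared primary group and carry group read or write bits, alongside the mode a new file receives under a given file-creation mask. The function names, the sample file names and the mask values passed in are assumptions made for illustration.

```python
import os
import stat
import tempfile

def new_file_mode(umask, requested=0o666):
    """Mode a newly created regular file gets under the given umask."""
    return requested & ~umask

def group_exposed(root, shared_gid):
    """Return sorted [(path, 'r' | 'w' | 'rw')] for entries under root whose
    group is shared_gid and whose group bits allow read and/or write."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Symlink permission bits are not enforced; other groups are out of scope.
            if stat.S_ISLNK(st.st_mode) or st.st_gid != shared_gid:
                continue
            access = ("r" if st.st_mode & stat.S_IRGRP else "") + \
                     ("w" if st.st_mode & stat.S_IWGRP else "")
            if access:
                findings.append((path, access))
    return sorted(findings)

def demo():
    """Constructed sample tree: three files with different group bits."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("notes.txt", 0o664), ("report.txt", 0o640), ("key.pem", 0o600))
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
        # Stand-in for the shared primary group: the group the sample files got.
        gid = os.lstat(root).st_gid
        return [(os.path.basename(p), a) for p, a in group_exposed(root, gid)]

if __name__ == "__main__":
    # Permissive versus restrictive mask (assumed values).
    print(oct(new_file_mode(0o002)), oct(new_file_mode(0o077)))
    print(demo())
```

On a real host, pass the numeric GID of the common group and the top of the home directory tree to `group_exposed`.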
