On 05/08/2012 03:05 PM, Simo Sorce wrote:
On Mon, 2012-05-07 at 18:01 -0700, David Copperfield wrote:

  Can I change the default user group for new users to something else?
and disable automatically creation of private groups?

Yes, and yes, although I wouldn't recommend so if you have more than a
couple hundred users as that group will become enormous and will slow
down clients trying to fetch and cache all the memberships.

Having a common primary group is also often a security problem because
the default netmask on Linux machines is 220 meaning that all users can
read/write each other user' files by default if they all share the same

  Basically I migrates hundreds of Linux accounts from openldap to IPA,
and those users have a default group 'exampleGroup' with GID<500. And
it is company policy to have all users to use the same container user
group, and disable private groups.

To change the default primary group you can simply locate the
ipaDefaultPrimaryGroup attribute and change it from ipausers to whatever
you want to use.

  So can I change the IPA policy to change the default user group from
'ipausers' to some thing else to 'exampleGroup'? what's the
immediately and potential effect on adjustment? Thanks.

See above.


Just for completeness:

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to