On 02/07/2013 08:46 PM, Steven Jones wrote:
> Hi,
> I have had little to do with permissions until now so bear with me if the Qs 
> are obviously stupid, probably not really IPA but a linux blind spot I 
> have....anyway,
> So I have a service account with its group this runs a database.
> So oracle with uid 2000 and gid 2000.  I have some other users that need to 
> be in the oracle user's group but I cant do that in IPA? 
> So how do I get around that?
> Or am I approaching it totally wrong?
> I created a user group called oragrp gid 2001 but the user oracle is creating 
> files with a uid of 2000 and gid of 2000 and not a gid of 2001 which I assume 
> would fix it?
> regards
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272

Hello Steven,

I assume you want to change oracle user primary GID, i.e. something like that:

# ipa group-add oragrp --desc "Oracle Group" --gid 2001
Added group "oragrp"
  Group name: oragrp
  Description: Oracle Group
  GID: 2001

# ipa user-add --first Oracle --last User oracle --noprivate --uid 2000
--gidnumber 2001
Added user "oracle"
  User login: oracle
  First name: Oracle
  Last name: User
  Full name: Oracle User
  Display name: Oracle User
  Initials: OU
  Home directory: /home/oracle
  GECOS field: Oracle User
  Login shell: /bin/sh
  Kerberos principal: ora...@example.com
  Email address: ora...@example.com
  UID: 2000
  GID: 2001
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

# su oracle
sh-4.2$ id
uid=2000(oracle) gid=2001(oragrp) groups=2001(oragrp)
$ touch /tmp/foo
$ ls -la /tmp/foo
-rw-r--r--. 1 oracle oragrp 0 Feb  8 02:28 /tmp/foo


Freeipa-users mailing list

Reply via email to