On 21/08/15 15:21, bahan w wrote:
Hello !

I contact you because I notice something strange with IPA environment.

I created a group :
ipa group-add g1 --desc="my first group"

Then I created a user with the GID of g1
GID1=`ipa group-show g1 | awk '/GID/ {printf("%s",$2)}'`
ipa user-add --first=u1 --last=u1 --homedir=/home/u1 --shell=/bin/bash
--gidnumber=${GID1} u1

Then when I perform ipa group-show g1 command, I got the following result :
   Group name: g1
   Description: my first group
   GID: <gid1>

Same for ipa user-show u1 :
   User login: u1
   First name: u1
   Last name: u1
   Home directory: /home/u1
   Login shell: /bin/bash
   Email address: u1@<MYDOMAIN>
   UID: <uid1>
   GID: <gid1>
   Account disabled: False
   Password: False
   Member of groups: ipausers
   Kerberos keys available: False

These 2 commands does not see u1 as a member of g1.
When I try the command id u1, I can see the group :

id u1
uid=<uid1>(u1) gid=<gid1>(g1) groups=<gid1>(g1)

Is it the normal behaviour of these IPA commands ?

Best regards.



I'm not sure if this is intended and/or correct behavior or not.
Looking at /etc/passwd and /etc/group I see it behaves similarly in a way.

You can have following entries in the aforementioned files



Looking in /etc/group you can't see user 'u1' is member of group 'g1' but tools like id, groups, getent shows this information.

On the other hand it would be useful to show these "implicit" members in group-show output.
Could you please file a ticket (https://fedorahosted.org/freeipa/newticket)?

David Kupka

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to