On Thu, 19 May 2016, Lachlan Musicman wrote:
Now that groups are working as expected, we have noticed that when listing
a directory the user and group now have full domain qualifiers.

This doesn't look great. We've also noticed that we now need to

chown :group@subdomain filename

(with default_domain_suffix set).

Is there a reason why when the group's name and ID is the same across both
domains, it can't be considered the same group for file ownership reasons?
In POSIX systems user and group IDs are two different namespaces. We
force so-called private groups to have the same ID as the user to
simplify some of hard identity mapping problems between POSIX and
Windows environments. In Windows world security identifier (SID)
namespace is the same for all objects.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to