Re: [CentOS] Delete local user/group but not LDAP one
On 31/12/21 12:34 am, Anthony K wrote:
> On 26/11/21 6:27 pm, Felix Natter wrote:
>> How about if I disable networking so that the LDAP Server is not
>> reachable (pingable) before running luserdel/lgroupdel? Would that be
>> 100% safe?
>
> Why not create a test user, that has similar settings to the real user
> account you are trying to affect, and test with it. Is it that hard to do?

Oddly, that was showing up as a recent message in my CentOS list until after I posted. Ignore me if already resolved.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Delete local user/group but not LDAP one
On 26/11/21 6:27 pm, Felix Natter wrote:
> How about if I disable networking so that the LDAP Server is not
> reachable (pingable) before running luserdel/lgroupdel? Would that be
> 100% safe?

Why not create a test user, that has similar settings to the real user account you are trying to affect, and test with it. Is it that hard to do?

Re: [CentOS] Delete local user/group but not LDAP one
On Fri, Nov 26, 2021 at 08:27:32AM +0100, Felix Natter wrote:
> I attached the /etc/libuser.conf. Is it safe to use luserdel/lgroupdel
> with these settings (without affecting LDAP)?
>
> modules = files shadow

Yeah, it should be. Basically, this is only working because the standard modern tooling just ignores that thing.

--
Matthew Miller
Fedora Project Leader

Re: [CentOS] Delete local user/group but not LDAP one
On Thu, Nov 25, 2021 at 10:30:22PM -0800, Gordon Messmer wrote:
> I suppose someone should file bug reports. luserdel probably could
> be used to confine actions to the local host, as long as
> ansible/puppet provided their own libuser.conf and set the
> LIBUSER_CONF to the path of that file...

Yeah. But that's kind of silly. There's gotta be a better way.

https://github.com/ansible/ansible/issues/76376

--
Matthew Miller
Fedora Project Leader

Re: [CentOS] Delete local user/group but not LDAP one
Hello fellow Linux users,

thank you for your answers.

Gordon Messmer writes:
> On 11/25/21 21:24, Thomas Mueller wrote:
>> at least it seems that safe, that ansible
>> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L625
>> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L640-L643
>>
>> and puppet
>> * https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb#L12
>>
>> are using it, when you specify "local=yes" or "forcelocal=true".
>
> I suppose someone should file bug reports. luserdel probably could be used
> to confine actions to the local host, as long as ansible/puppet provided
> their own libuser.conf and set the LIBUSER_CONF to the path of that
> file...

I attached the /etc/libuser.conf. Is it safe to use luserdel/lgroupdel with these settings (without affecting LDAP)?

modules = files shadow
-> The man page says "A list of module names to use when not creating user or group entries..."

How about if I disable networking so that the LDAP Server is not reachable (pingable) before running luserdel/lgroupdel? Would that be 100% safe?

Many Thanks and Best Regards!
--
Felix Natter

Re: [CentOS] Delete local user/group but not LDAP one
On 11/25/21 21:24, Thomas Mueller wrote:
> at least it seems that safe, that ansible
> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L625
> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L640-L643
>
> and puppet
> * https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb#L12
>
> are using it, when you specify "local=yes" or "forcelocal=true".

I suppose someone should file bug reports. luserdel probably could be used to confine actions to the local host, as long as ansible/puppet provided their own libuser.conf and set the LIBUSER_CONF to the path of that file...

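
A pre-flight check for the approach discussed in this thread (a private libuser.conf selected through LIBUSER_CONF, with `modules = files shadow`), as an added example that is not part of any post and not code from libuser, ansible or puppet. The function names are hypothetical; the check assumes that only `files` and `shadow` count as local modules and that both `modules` and `create_modules` must be set explicitly.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the modules listed for KEY in the [defaults] section of FILE, one per
# line. Names may be separated by whitespace or commas.
libuser_modules() {  # usage: libuser_modules FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/  { next }                                   # comment line
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[defaults\]/); next }
        insec {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            gsub(/,/, " ", v)
            m = split(v, a)                    # default split drops blanks
            for (i = 1; i <= m; i++) print a[i]
        }' "$1"
}

# Succeed only if non-creation operations (modules) and creation
# (create_modules) are both set explicitly and name nothing but files/shadow.
# Assumption of this example: a missing key is rejected, not trusted to a default.
libuser_is_local_only() {  # usage: libuser_is_local_only FILE
    for key in modules create_modules; do
        mods=$(libuser_modules "$1" "$key")
        if [ -z "$mods" ]; then
            echo "$1: [defaults] $key is not set explicitly" >&2
            return 1
        fi
        for mod in $mods; do
            case "$mod" in
                files|shadow) ;;
                *) echo "$1: $key lists non-local module '$mod'" >&2
                   return 1 ;;
            esac
        done
    done
}

# Run a libuser tool with LIBUSER_CONF set to CONF, but only if CONF passes.
# e.g. run_local /root/libuser-local.conf luserdel X   (path is a placeholder)
run_local() {  # usage: run_local CONF COMMAND [ARGS...]
    conf=$1; shift
    libuser_is_local_only "$conf" || return 1
    LIBUSER_CONF="$conf" "$@"
}
```
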
Re: [CentOS] Delete local user/group but not LDAP one
On 11/26/21 00:13, Matthew Miller wrote:
> On Thu, Nov 25, 2021 at 06:36:36PM +0100, Thomas Mueller wrote:
>>> I have a computer with a local user X that shadows an LDAP user of the
>>> same name (and group).
>>>
>>> I know I can use:
>>> userdel X
>>> groupdel X
>>
>> check luserdel and lgroupdel. The prefix l is for local. :-)
>
> Oh, except... it's not. The l is for "libuser" — those tools are samples
> for the libuser package, https://pagure.io/libuser. And libuser absolutely
> can affect LDAP, depending on the system configuration.

at least it seems that safe, that ansible
* https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L625
* https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L640-L643

and puppet
* https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb#L12

are using it, when you specify "local=yes" or "forcelocal=true".

- Thomas

Re: [CentOS] Delete local user/group but not LDAP one
On Thu, Nov 25, 2021 at 06:36:36PM +0100, Thomas Mueller wrote:
> >I have a computer with a local user X that shadows an LDAP user of the
> >same name (and group).
> >
> >I know I can use:
> >userdel X
> >groupdel X
>
> check luserdel and lgroupdel. The prefix l is for local. :-)

Oh, except... it's not. The l is for "libuser" — those tools are samples for the libuser package, https://pagure.io/libuser. And libuser absolutely can affect LDAP, depending on the system configuration.

--
Matthew Miller
Fedora Project Leader

Re: [CentOS] Delete local user/group but not LDAP one
Hi Felix

> I have a computer with a local user X that shadows an LDAP user of the
> same name (and group).
>
> I know I can use:
> userdel X
> groupdel X

check luserdel and lgroupdel. The prefix l is for local. :-)

- Thomas