Re: [Freeipa-users] Different primary group on different machines.

2012-10-26 Thread Natxo Asenjo
On Thu, Oct 25, 2012 at 9:11 PM, KodaK sako...@gmail.com wrote: We have many different development groups, but people can be members of multiple groups. For collaboration, they'd like it when creating a file to have that file have a group ownership of foo on machine-A, but bar on machine-B.

Re: [Freeipa-users] Different primary group on different machines.

2012-10-26 Thread Ondrej Valousek
Well, you do not need ACLs for that, just 'chmod g+s directory' will do. But in general, I agree, this is insane requirement as nobody would ever think of it in Windows. Not happy w/ a traditional Unix permissions? Go for ACLs. The only pity is that the current Posix-draft hack widely used on

Re: [Freeipa-users] Different primary group on different machines.

2012-10-26 Thread Natxo Asenjo
hi, yes, you are correct :-). Being a recent nfsv4 acls fan has made me forget that. -- Groeten, natxo On Fri, Oct 26, 2012 at 9:36 AM, Ondrej Valousek ondr...@s3group.cz wrote: Well, you do not need ACLs for that, just 'chmod g+s directory' will do. But in general, I agree, this is insane

Re: [Freeipa-users] ipa user-find

2012-10-26 Thread Rich Megginson
On 10/25/2012 08:33 PM, Steven Jones wrote: I hadnt restarted but now I have, no difference. wc -l says 1 but every other line is a blank, so yes 5000 seems likely. There are just under 6000 AD users2 servers as this is in the test environment to test winsync and passyncboth are

Re: [Freeipa-users] Different primary group on different machines.

2012-10-26 Thread Simo Sorce
On Fri, 2012-10-26 at 09:36 +0200, Ondrej Valousek wrote: Well, you do not need ACLs for that, just 'chmod g+s directory' will do. This is what makes people ask for changing the GID, which is suboptimal on many accounts. The reason why FreeIPA creates a User Private Group is that the default

Re: [Freeipa-users] Different primary group on different machines.

2012-10-26 Thread Ondrej Valousek
Sorry sir, but technically it is the sgid bit that is a gross hack. The Posix draft for ACLs never got final approval, but it is pretty standardized across most OSs, and works fine for any Linux OS that isn;t on ancient kernels. It is also enabled by default on all file systems that matter