Re: [Freeipa-users] File user and group ownership listings...

2016-05-19 Thread Simpson Lachlan
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Alexander Bokovoy
> Sent: Thursday, 19 May 2016 5:12 PM
> To: Lachlan Musicman
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] File user and group ownership listings...
> 
> On Thu, 19 May 2016, Lachlan Musicman wrote:
> >Now that groups are working as expected, we have noticed that when
> >listing a directory the user and group now have full domain qualifiers.
> >
> >This doesn't look great. We've also noticed that we now need to
> >
> >chown :group@subdomain filename
> >
> >(with default_domain_suffix set).
> >
> >
> >Is there a reason why when the group's name and ID is the same across
> >both domains, it can't be considered the same group for file ownership
> >reasons?
> In POSIX systems user and group IDs are two different namespaces. We force
> so-called private groups to have the same ID as the user to simplify some of
> the hard identity mapping problems between POSIX and Windows environments. In
> the Windows world, the security identifier (SID) namespace is the same for
> all objects.

Ah, ok then. Thanks!

Cheers
L.
This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


Re: [Freeipa-users] File user and group ownership listings...

2016-05-19 Thread Simpson Lachlan
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Jakub Hrozek
> Sent: Thursday, 19 May 2016 5:22 PM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] File user and group ownership listings...
> 
> On Thu, May 19, 2016 at 04:33:45PM +1000, Lachlan Musicman wrote:
> > Now that groups are working as expected, we have noticed that when
> > listing a directory the user and group now have full domain qualifiers.
> >
> > This doesn't look great. We've also noticed that we now need to
> >
> > chown :group@subdomain filename
> 
> This is something that will work in 7.3. There is currently a limitation in
> our cache that forces us to use fully-qualified names for users from trusted
> domains.

Fantastic. Thanks for all the hard work!


Cheers
L.  





Re: [Freeipa-users] File user and group ownership listings...

2016-05-19 Thread Jakub Hrozek
On Thu, May 19, 2016 at 04:33:45PM +1000, Lachlan Musicman wrote:
> Now that groups are working as expected, we have noticed that when listing
> a directory the user and group now have full domain qualifiers.
> 
> This doesn't look great. We've also noticed that we now need to
> 
> chown :group@subdomain filename

This is something that will work in 7.3. There is currently a limitation
in our cache that forces us to use fully-qualified names for users from
trusted domains.



Re: [Freeipa-users] File user and group ownership listings...

2016-05-19 Thread Alexander Bokovoy

On Thu, 19 May 2016, Lachlan Musicman wrote:

> Now that groups are working as expected, we have noticed that when listing
> a directory the user and group now have full domain qualifiers.
>
> This doesn't look great. We've also noticed that we now need to
>
> chown :group@subdomain filename
>
> (with default_domain_suffix set).
>
>
> Is there a reason why when the group's name and ID is the same across both
> domains, it can't be considered the same group for file ownership reasons?

In POSIX systems user and group IDs are two different namespaces. We
force so-called private groups to have the same ID as the user to
simplify some of the hard identity mapping problems between POSIX and
Windows environments. In the Windows world, the security identifier (SID)
namespace is the same for all objects.

--
/ Alexander Bokovoy
