Dmitri Pal wrote: > David O'Brien wrote: >> The following is taken from "The LOCAL Provider" section on the >> HOWTO_Configure page on the wiki: >> >> "Using Magic Private groups bring the benefit of better Windows >> Interoperability (in Windows, the ID and name spaces are unique) and >> also avoids creating a group for every user, thus cluttering the group >> space. Also, for NSS calls, every user is actually returned as user's >> private group without having to explicitly create the group, thus having >> the same effect as User Private Groups " >> >> The 2nd sentence doesn't quite add up. >> >> thanks >> > davido, ping > <dpal> davido, MPG, I will try to explain > <dpal> davido, user private group is a group that only has one user. > <dpal> davido, in UNIX world there is a private group for each user, so > there are more group records than user records in total. > <dpal> davido, creating and maintaining all these groups for each user > centrally and delivering them to each machine is a big cost > <dpal> so the idea is to dynamically create user's private group on the > fly for each user and return its ID. > <dpal> How it can be? > <dpal> If you have a flat namespace between user entries and group > entries you can be sure that the there never be a group with the same id > as some of the users > <dpal> Based on this assumption you can on the fly generate private > group with the same ID as user ID and with the same name without worry > that there will be any collision. > <dpal> So this is what the second sentence tries to say. > <dpal> For NSS calls (read identity calls) the SSSD will return > (dynamically created on the fly) user private group without actually > creating a special User Private Group record. > <dpal> davido, makes sense? > thanks Dmitri
If I take the original sentence and s/"returned as user's private group"/"returned a user's private group"/ I think I can make sense of it. cheers -- David O'Brien Red Hat Asia Pacific +61 7 3514 8189 http://freeipa.org/page/DocumentationPortal http://git.fedorahosted.org/git/ipadocs.git "The most valuable of all talents is that of never using two words when one will do." Thomas Jefferson _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
