Hi, I have a requirement where human users will be logging in with their AD accounts. However, there are some applications that create local user and group and at times, the AD users may need to work on the application, view/edit files owned by the application user/group, run programs etc. Therefore we need to create some sort of mapping between the AD users and the local group.
After coming through this mailing list, I realized that the recommendation is to add the remote AD users into the local group by way of modifying /etc/group file. What I am wondering is that, is this the only way to solve the problem or is there any other way (presumably better way) to handle this? I am using Puppet already. Therefore I think I may use the augeas provider to edit /etc/group file to add the users. I also need to devise a way so that users can be deleted from /etc/group easily in an automated fashion. Has anyone got any tips under their sleeve that can be used to roll out this feature in a lot of servers? Thanks, _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
