On Thu, 19 Mar 2020, Sumit Bose wrote:

Hi,

not really.

Since you say the primary group is called 'Domain Users' I assume you
are using AD. With AD SSSD can derive UIDs and GIDs automatically from
the SID of the AD objects with 'ldap_id_mapping = True' (see man
sssd-ldap for details). With this users will get private primary groups
automatically, but all UIDs and GIDs on your systems will change.

The alternative would be to change the primary group for all users in
AD.

I'm not sure having all users with the same primary group is in itself a 
security issue.  They're free to be in secondary groups too, and if you're 
allocating permissions on those secondary groups, all is well.

The only issue would be if you're writing files out and making them group 
accessible without thinking about which group that should be.

jh
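
The check implied by the last point of the message above, as an added example that is not part of the original thread: list everything under a directory that is owned by the shared primary group and grants that group any permission bit. The function name `group_accessible` and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

GROUP_BITS = ((stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"))


def group_accessible(root, shared_gid):
    """Return sorted (path, bits) pairs for entries under root whose owning
    group is shared_gid and which grant that group any permission."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry, not a link target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISLNK(st.st_mode) or st.st_gid != shared_gid:
                continue  # symlink modes are meaningless; other groups are out of scope
            bits = "".join(flag for mask, flag in GROUP_BITS if st.st_mode & mask)
            if bits:
                findings.append((path, bits))
    return sorted(findings)


def demo():
    """Constructed sample: one owner-only file, one group read/write file."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("notes.txt", 0o600), ("report.txt", 0o660))
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # set the mode explicitly, independent of umask
        # Use whatever group the new files received as the "shared" group.
        gid = os.lstat(os.path.join(root, "report.txt")).st_gid
        return [(os.path.basename(p), b) for p, b in group_accessible(root, gid)]


if __name__ == "__main__":
    print(demo())
```

On a real host the GID would come from `grp.getgrnam("Domain Users").gr_gid`, assuming the group resolves under that name through NSS on your system.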