[SSSD-users] Re: filter_users using user id

Mon, 09 Jan 2023 09:53:23 -0800 

On (02/01/23 21:21), François Rigault wrote:
>> This is not exactly what you want, but did you consider changing the uid
>> used in the container?
>
>so, we run images that are supported and built by the vendor, who recommend 
>against this (ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1565929#c12).
>
>maybe tools like top should not try to resolve user names for processes 
>running within a user namespace to start with.
>
>I poke around and it should nevertheless be quite straightforward (for a 
>prototype at least) to filter users by uid with something like 
>https://github.com/freedge/sssd/commit/576340edf8e041bd1a17da52880fe84695e2559a
>

IMHO the new option `filter_uids` would be a bit more clear approach.

But one might still try to use current features for
negative cache of local users.

man sssd.conf -> local_negative_timeout
```
       local_negative_timeout (integer)
           Specifies for how many seconds nss_sss should keep local users and
           groups in negative cache before trying to look it up in the back
           end again. Setting the option to 0 disables this feature.

           Default: 14400 (4 hours)
```

One just would need to add dummy user with that UID.

LS

>
>Thank you!
>_______________________________________________
>sssd-users mailing list -- [email protected]
>To unsubscribe send an email to [email protected]
>Fedora Code of Conduct: 
>https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>List Archives: 
>https://lists.fedorahosted.org/archives/list/[email protected]
>Do not reply to spam, report it: 
>https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to