On Thu, Mar 12, 2020 at 09:26:49AM +0100, Jannis Mann wrote:
Hi,
I've sssd running with ldap provider and therefore use a binding account.
In general everything works. I've a question regarding the primary group.
When I login with any user who I permitted to in the sssd.conf all users have the Domain Users gorup as primary group.
So if I create a file with User a ownership is UserA:Domain\ Users Same goes for UserB etc.
Can I have influence on the primary group of the sssd users? Because this seems quite insecure for me. Because I use different permissions for different users (configured via sudoers files). But if every user is in the same group..
Hi,
recent versions of SSSD have the option 'auto_private_groups', please check the sssd.conf man page if this option is available for your version and if yes you can find more details their as well.
If this option is not listed in your man page you can check https://mzidek.fedorapeople.org/sssd/2.2.3/man/sssd.conf.5.html if it might be worth to upgrade?
HTH
bye, Sumit
Thanks for your input!
Jannis
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...