On Thu, Mar 19, 2020 at 08:52:51AM +0100, Jannis Mann wrote:
Hi Sumit,
I saw that option the moment I've sent this mail. Unfortunately we've a lot of ubuntu 16.04 and debian 9 machines where 1.16 doesn't run. It is not planned to upgrade these machines anytime soon.
Is there another possibility to achieve this?
Hi,
not really.
Since you say the primary group is called 'Domain Users' I assume you are using AD. With AD SSSD can derived UIDs and GIDs automatically from the SID of the AD objects with 'ldap_id_mapping = True' (see man sssd-ldap for details. With this users will get private primary groups automatically, but all UIDs and GIDs on your systems will change.
The alternative would be to change the primary group for all users in AD.
bye, Sumit
Thanks :)
Am Do., 12. März 2020 um 11:19 Uhr schrieb Sumit Bose sbose@redhat.com:
On Thu, Mar 12, 2020 at 09:26:49AM +0100, Jannis Mann wrote:
Hi,
I've sssd running with ldap provider and therefore use a binding account.
In general everything works. I've a question regarding the primary group.
When I login with any user who I permitted to in the sssd.conf all users have the Domain Users gorup as primary group.
So if I create a file with User a ownership is UserA:Domain\ Users Same goes for UserB etc.
Can I have influence on the primary group of the sssd users? Because this seems quite insecure for me. Because I use different permissions for different users (configured via sudoers files). But if every user is in
the
same group..
Hi,
recent versions of SSSD have the option 'auto_private_groups', please check the sssd.conf man page if this option is available for your version and if yes you can find more details their as well.
If this option is not listed in your man page you can check https://mzidek.fedorapeople.org/sssd/2.2.3/man/sssd.conf.5.html if it might be worth to upgrade?
HTH
bye, Sumit
Thanks for your input!
Jannis
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...