Bug 766181
| Summary: | [RFE] Provide option to disable Automatic Private Group creation for users | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0 | CC: | jgalipea, mkosek |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Enhancement |
| Doc Text: |
Cause: When a new user is added, User Private Group (UPG) is created and assigned as user primary group by default. However, there may be use cases when administrator wants to rather use a common group assigned as a primary group for all users. However, there is no switch to enforce this behavior for all user additions.
Consequence: Whenever a new user is added a special option always need to be used to prevent creation of UPG.
Change: Directory Server plugin which handles the creation of UPG can now be disabled with a new tool - ipa-managed-entries.
Result: Administrator can disable automatic creation of UPGs and let all new future users share a common group as their primary group.
|
Story Points: | --- |
| Clone Of: | 697890 | Environment: | |
| Last Closed: | 2012-06-20 13:28:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 697890 | ||
| Bug Blocks: | 736854 | ||
|
Description
Dmitri Pal
2011-12-10 20:32:41 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/dea578a357b2ebc68f56ef31f841cfe056f73303 verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Get Default Status of User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'ipa-managed-entries -e "UPG Definition" status > /tmp/upgstatus.out 2>&1' :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled' :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: Get Default Status of User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Disable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Disable UPG Plugin :: [ PASS ] :: Required directory server restart :: [ PASS ] :: Get the status of the plugin :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Disabled' :: [ LOG ] :: Duration: 14s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Disable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add user with User Private Group Plugin Disabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add user with plugin disabled :: [ PASS ] :: Make sure user private group was not added :: [ PASS ] :: Delete the test user added :: [ LOG ] :: Duration: 14s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: Add user with User Private Group Plugin Disabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Re-Enable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Re-enable UPG Plugin :: [ PASS ] :: Required directory server restart :: [ PASS ] :: Get the status of the plugin :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled' :: [ LOG ] :: Duration: 17s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Re-Enable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add user with User Private Groups Plugin Re-Enabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add user with plugin re-enabled :: [ PASS ] :: Make sure user private group was added :: [ PASS ] :: Delete the test user added :: [ PASS ] :: Make sure user private group was delete too :: [ LOG ] :: Duration: 16s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Add user with User Private Groups Plugin Re-Enabled version : ipa-server-2.2.0-7.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Diffed Contents:
@@ -1 +1,4 @@
-No documentation needed.+Cause: When a new user is added, User Private Group (UPG) is created and assigned as user primary group by default. However, there may be use cases when administrator wants to rather use a common group assigned as a primary group for all users. However, there is no switch to enforce this behavior for all user additions.
+Consequence: Whenever a new user is added a special option always need to be used to prevent creation of UPG.
+Change: Directory Server plugin which handles the creation of UPG can now be disabled with a new tool - ipa-managed-entries.
+Result: Administrator can disable automatic creation of UPGs and let all new future users share a common group as their primary group.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |