Bug 477037 - RFE: Group types for users and posixGroup
Summary: RFE: Group types for users and posixGroup
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 2.0
Hardware: All
OS: Linux
low
medium
Target Milestone: v2 release
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 431020
TreeView+ depends on / blocked
 
Reported: 2008-12-18 20:04 UTC by Simo Sorce
Modified: 2015-01-04 23:35 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 09:31:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Simo Sorce 2008-12-18 20:04:21 UTC 
In IPA v2 we are expanding the use of groups to handle relations, HBAC, policies etc ...
So far we always equated group of users with posixGroup, but going forward it may make sense to spli the concept of group of users and posix group.

The reason being that posix group memberships are limited in some OSs, for example by default Solaris allow only 16 groups per user.

We should therefore avoid creating posixGroup when these groups are not related to filesystem access control.

I suggest we create groups by default without making them posixGroups.
And add a switch in our interfaces to transform a group of users into a posixGroup (this will result in the management program to add the objectclass to the group entry and generate a new GID for it).

The switch may be called: "Make this an Operating System Group"
Comment 1 Rob Crittenden 2010-02-03 22:54:48 UTC 
Done, this is the --posix flag when managing groups
Note You need to log in before you can comment on or make changes to this bug.