Bug 477037 - RFE: Group types for users and posixGroup
RFE: Group types for users and posixGroup
Status: CLOSED UPSTREAM
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
2.0
All Linux
low Severity medium
: v2 release
: ---
Assigned To: Rob Crittenden
Chandrasekar Kannan
:
Depends On:
Blocks: 431020
  Show dependency treegraph
 
Reported: 2008-12-18 15:04 EST by Simo Sorce
Modified: 2015-01-04 18:35 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-28 05:31:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Simo Sorce 2008-12-18 15:04:21 EST
In IPA v2 we are expanding the use of groups to handle relations, HBAC, policies etc ...
So far we always equated group of users with posixGroup, but going forward it may make sense to spli the concept of group of users and posix group.

The reason being that posix group memberships are limited in some OSs, for example by default Solaris allow only 16 groups per user.

We should therefore avoid creating posixGroup when these groups are not related to filesystem access control.

I suggest we create groups by default without making them posixGroups.
And add a switch in our interfaces to transform a group of users into a posixGroup (this will result in the management program to add the objectclass to the group entry and generate a new GID for it).

The switch may be called: "Make this an Operating System Group"
Comment 1 Rob Crittenden 2010-02-03 17:54:48 EST
Done, this is the --posix flag when managing groups

Note You need to log in before you can comment on or make changes to this bug.