Bug 766181 - [RFE] Provide option to disable Automatic Private Group creation for users
Summary: [RFE] Provide option to disable Automatic Private Group creation for users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On: 697890
Blocks: 736854
TreeView+ depends on / blocked
 
Reported: 2011-12-10 20:32 UTC by Dmitri Pal
Modified: 2012-06-20 13:28 UTC (History)
2 users (show)

Fixed In Version: ipa-2.2.0-1.el6
Doc Type: Enhancement
Doc Text:
Cause: When a new user is added, User Private Group (UPG) is created and assigned as user primary group by default. However, there may be use cases when administrator wants to rather use a common group assigned as a primary group for all users. However, there is no switch to enforce this behavior for all user additions. Consequence: Whenever a new user is added a special option always need to be used to prevent creation of UPG. Change: Directory Server plugin which handles the creation of UPG can now be disabled with a new tool - ipa-managed-entries. Result: Administrator can disable automatic creation of UPGs and let all new future users share a common group as their primary group.
Clone Of: 697890
Environment:
Last Closed: 2012-06-20 13:28:00 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Dmitri Pal 2011-12-10 20:32:41 UTC
+++ This bug was initially created as a clone of Bug #697890 +++

Description of problem:
When adding a new user a private group with the same name as the user and its UID as GID is created. Since we do not have a need for it but rather want new users to be in a "staff" group (for instance) we want to be able to turn off this feature.

Version-Release number of selected component (if applicable):
freeipa-server-2.0.0-1.fc15.x86_64

Steps to Reproduce:
1. Create new user
2. ipa group-find --private
  
Actual results:
Shows a private group with name and GID as user's name and UID.

Expected results:
No private group.

Additional info:
Discussed with JrAquino on IRC.

--- Additional comment from mkosek@redhat.com on 2011-04-20 08:38:43 EDT ---

There is a relevant upstream ticket in progress:

https://fedorahosted.org/freeipa/ticket/1131

You may want to check the relevant discussion in freeipa-devel list:

http://www.redhat.com/archives/freeipa-devel/2011-March/msg00207.html

--- Additional comment from mkosek@redhat.com on 2011-08-16 12:27:23 EDT ---

Fixed upstream
master: https://fedorahosted.org/freeipa/changeset/dea578a357b2ebc68f56ef31f841cfe056f73303

Comment 1 Martin Kosek 2012-01-06 09:08:24 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/dea578a357b2ebc68f56ef31f841cfe056f73303

Comment 3 Jenny Severance 2012-04-02 13:54:12 UTC
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Get Default Status of User Private Groups Plugin
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa-managed-entries -e "UPG Definition" status > /tmp/upgstatus.out 2>&1'
:: [   PASS   ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled'
:: [   LOG    ] :: Duration: 3s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: Get Default Status of User Private Groups Plugin

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Disable User Private Groups Plugin
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Disable UPG Plugin
:: [   PASS   ] :: Required directory server restart
:: [   PASS   ] :: Get the status of the plugin
:: [   PASS   ] :: File '/tmp/upgstatus.out' should contain 'Plugin Disabled'
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: Disable User Private Groups Plugin

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add user with User Private Group Plugin Disabled
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Add user with plugin disabled
:: [   PASS   ] :: Make sure user private group was not added
:: [   PASS   ] :: Delete the test user added
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: Add user with User Private Group Plugin Disabled

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Re-Enable User Private Groups Plugin
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Re-enable UPG Plugin
:: [   PASS   ] :: Required directory server restart
:: [   PASS   ] :: Get the status of the plugin
:: [   PASS   ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled'
:: [   LOG    ] :: Duration: 17s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: Re-Enable User Private Groups Plugin

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Add user with User Private Groups Plugin Re-Enabled
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Add user with plugin re-enabled
:: [   PASS   ] :: Make sure user private group was added
:: [   PASS   ] :: Delete the test user added
:: [   PASS   ] :: Make sure user private group was delete too
:: [   LOG    ] :: Duration: 16s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: Add user with User Private Groups Plugin Re-Enabled

version :
ipa-server-2.2.0-7.el6.x86_64

Comment 5 Martin Kosek 2012-04-19 14:14:17 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Comment 7 Martin Kosek 2012-04-19 15:10:26 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,4 @@
-No documentation needed.+Cause: When a new user is added, User Private Group (UPG) is created and assigned as user primary group by default. However, there may be use cases when administrator wants to rather use a common group assigned as a primary group for all users. However, there is no switch to enforce this behavior for all user additions.
+Consequence: Whenever a new user is added a special option always need to be used to prevent creation of UPG.
+Change: Directory Server plugin which handles the creation of UPG can now be disabled with a new tool - ipa-managed-entries.
+Result: Administrator can disable automatic creation of UPGs and let all new future users share a common group as their primary group.

Comment 9 errata-xmlrpc 2012-06-20 13:28:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html


Note You need to log in before you can comment on or make changes to this bug.