Hide Forgot
+++ This bug was initially created as a clone of Bug #697890 +++ Description of problem: When adding a new user a private group with the same name as the user and its UID as GID is created. Since we do not have a need for it but rather want new users to be in a "staff" group (for instance) we want to be able to turn off this feature. Version-Release number of selected component (if applicable): freeipa-server-2.0.0-1.fc15.x86_64 Steps to Reproduce: 1. Create new user 2. ipa group-find --private Actual results: Shows a private group with name and GID as user's name and UID. Expected results: No private group. Additional info: Discussed with JrAquino on IRC. --- Additional comment from mkosek on 2011-04-20 08:38:43 EDT --- There is a relevant upstream ticket in progress: https://fedorahosted.org/freeipa/ticket/1131 You may want to check the relevant discussion in freeipa-devel list: http://www.redhat.com/archives/freeipa-devel/2011-March/msg00207.html --- Additional comment from mkosek on 2011-08-16 12:27:23 EDT --- Fixed upstream master: https://fedorahosted.org/freeipa/changeset/dea578a357b2ebc68f56ef31f841cfe056f73303
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/dea578a357b2ebc68f56ef31f841cfe056f73303
verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Get Default Status of User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'ipa-managed-entries -e "UPG Definition" status > /tmp/upgstatus.out 2>&1' :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled' :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: Get Default Status of User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Disable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Disable UPG Plugin :: [ PASS ] :: Required directory server restart :: [ PASS ] :: Get the status of the plugin :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Disabled' :: [ LOG ] :: Duration: 14s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Disable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add user with User Private Group Plugin Disabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add user with plugin disabled :: [ PASS ] :: Make sure user private group was not added :: [ PASS ] :: Delete the test user added :: [ LOG ] :: Duration: 14s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: Add user with User Private Group Plugin Disabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Re-Enable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Re-enable UPG Plugin :: [ PASS ] :: Required directory server restart :: [ PASS ] :: Get the status of the plugin :: [ PASS ] :: File '/tmp/upgstatus.out' should contain 'Plugin Enabled' :: [ LOG ] :: Duration: 17s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Re-Enable User Private Groups Plugin :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Add user with User Private Groups Plugin Re-Enabled :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add user with plugin re-enabled :: [ PASS ] :: Make sure user private group was added :: [ PASS ] :: Delete the test user added :: [ PASS ] :: Make sure user private group was delete too :: [ LOG ] :: Duration: 16s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Add user with User Private Groups Plugin Re-Enabled version : ipa-server-2.2.0-7.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1,4 @@ -No documentation needed.+Cause: When a new user is added, User Private Group (UPG) is created and assigned as user primary group by default. However, there may be use cases when administrator wants to rather use a common group assigned as a primary group for all users. However, there is no switch to enforce this behavior for all user additions. +Consequence: Whenever a new user is added a special option always need to be used to prevent creation of UPG. +Change: Directory Server plugin which handles the creation of UPG can now be disabled with a new tool - ipa-managed-entries. +Result: Administrator can disable automatic creation of UPGs and let all new future users share a common group as their primary group.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html