Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
13.4. Disabling User Private Groups
To ensure that IdM does not create a default user private group for a new user, choose one of the following:
Even after you disable creating default user private groups, IdM will still require a GID when adding new users. To ensure that adding the user succeeds, see Section 13.4.3, “Adding a User with User Private Groups Disabled”.
Note
If you want to disable creating default user private groups because of GID conflicts, consider changing the default UID and GID assignment ranges. See Chapter 14, Unique UID and GID Number Assignments.
13.4.1. Creating a User without a User Private Group
Copia collegamentoCollegamento copiato negli appunti!
Add the
--noprivate option to the ipa user-add command. Note that for the command to succeed, you must specify a custom private group. See Section 13.4.3, “Adding a User with User Private Groups Disabled”.
13.4.2. Disabling User Private Groups Globally for All Users
Copia collegamentoCollegamento copiato negli appunti!
- Log in as the administrator:
kinit admin
$ kinit adminCopy to Clipboard Copied! Toggle word wrap Toggle overflow - IdM uses the Directory Server Managed Entries Plug-in to manage user private groups. List the instances of the plug-in:
ipa-managed-entries --list
$ ipa-managed-entries --listCopy to Clipboard Copied! Toggle word wrap Toggle overflow - To ensure IdM does not create user private groups, disable the plug-in instance responsible for managing user private groups:
ipa-managed-entries -e "UPG Definition" disable
$ ipa-managed-entries -e "UPG Definition" disable Disabling PluginCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteTo re-enable theUPG Definitioninstance later, use the ipa-managed-entries -e "UPG Definition" enable command. - Restart Directory Server to load the new configuration.
systemctl restart dirsrv.target
# systemctl restart dirsrv.targetCopy to Clipboard Copied! Toggle word wrap Toggle overflow
13.4.3. Adding a User with User Private Groups Disabled
Copia collegamentoCollegamento copiato negli appunti!
To make sure adding a new user succeeds when creating default user private groups is disabled, choose one of the following:
- Specify a custom GID when adding a new user. The GID does not have to correspond to an already existing user group.For example, when adding a user from the command line, add the
--gidoption to the ipa user-add command. - Use an automember rule to add the user to an existing group with a GID. See Section 13.6, “Defining Automatic Group Membership for Users and Hosts”.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}