9.8. Managing User Private Groups
On Red Hat Enterprise Linux systems, every time a user is created, a corresponding, secret user group is automatically created with that new user as its only member. This is a user private group. Using user private groups makes it simpler and safer to manage file and directory permissions because umask defaults only have to restrict user access, not group access.
		
When a new user is created in the IdM domain, it is also created with a corresponding private group, following the Red Hat Enterprise Linux convention. For most environments, this is an acceptable default behavior, but there may be certain users or types of users that do not require a private group, or the environment may already have those GIDs[3] assigned to NIS groups or other system groups.
		
9.8.1. Listing User Private Groups
User private groups are specific to a single user and are only used by the system. They are private, so they are not viewable in the IdM UI. However, not every user has a private group, depending on the options when a user is created, so it can be useful to get a list of configured private groups within the IdM user domain. Private groups can be searched and listed by using the --private option with the group-find command. For example:

9.8.2. Disabling Private Groups for a Specific User
Private group creation can be disabled when a user is created by using the --noprivate option.
			
There is one thing to note when adding a user without a private group: the Linux system still expects a user GID for the new user. However, the one default user group (ipausers) is a non-POSIX group and, therefore, does not have an associated GID. So that the add operation does not fail, it is necessary either to set an explicit user GID with the --gid option or to create a group with a GID and add the user to that group using an automembership rule (covered in Chapter 25, Policy: Defining Automatic Group Membership for Users and Hosts).
[jsmith@server ~]$ ipa user-add jsmith --first=John --last=Smith --noprivate --gid 10000

9.8.3. Disabling Private Groups Globally
				User private groups are managed through the Managed Entries Plug-in in 389 Directory Server. This plug-in can be disabled, which effectively disables private group creation for all new users.
			
This is done using the ipa-managed-entries command.
- Use the ipa-managed-entries command to list possible Managed Entries Plug-in definitions. By default, there are two, one for new users (UPG) and one for netgroups (NGP).

      [root@ipaserver ~]# ipa-managed-entries --list -p DMpassword
      Available Managed Entry Definitions:
      UPG Definition
      NGP Definition

- Disable the desired Managed Entries Plug-in instance. For example:

      [root@ipaserver ~]# ipa-managed-entries -e "UPG Definition" -p DMpassword disable
      Disabling Plugin

- Restart the 389 Directory Server to load the new plug-in configuration.

      [root@ipaserver ~]# service dirsrv restart

Managed Entries Plug-in instances can be re-enabled with the enable option.

[3] See Section 9.9, “Managing Unique UID and GID Number Assignments” for information on changing GID/UID assignment ranges.