Bug 13946 - Implement synthetic private groups
Summary: Implement synthetic private groups
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-14 17:14 UTC by Robert Marcano
Modified: 2019-05-14 17:14 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Marcano 2019-05-14 17:14:06 UTC
SSSD has a feature named auto private groups [1], that generates synthetic private groups per user, This permits to follow the same conventions many Linux distributions use to have a group named as the user as their primary group.

This avoid having to create groups for each user and to manually set the primary group for them on AD, no need to pollute the AD domain with private groups or removes the need to change users umask on those servers in order to avoid leaking data to the Domain Users group if administrators do not properly set primary groups.


[1] https://docs.pagure.org/SSSD.sssd/design_pages/auto_private_groups.html