13946 – Implement synthetic private groups

Bug 13946 - Implement synthetic private groups

Summary: Implement synthetic private groups

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-05-14 17:14 UTC by Robert Marcano
Modified:	2019-05-14 17:14 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Marcano 2019-05-14 17:14:06 UTC

SSSD has a feature named auto private groups [1], that generates synthetic private groups per user, This permits to follow the same conventions many Linux distributions use to have a group named as the user as their primary group.

This avoid having to create groups for each user and to manually set the primary group for them on AD, no need to pollute the AD domain with private groups or removes the need to change users umask on those servers in order to avoid leaking data to the Domain Users group if administrators do not properly set primary groups.


[1] https://docs.pagure.org/SSSD.sssd/design_pages/auto_private_groups.html