Hi I'm trying to figure out the best practice for groups on my client servers.
I have several computation workstation hosts that have been added as freeipa clients, and several engineers who want to run docker on them
Members of the 'docker' group (gid=999 on some machines, for example) can run docker without needing sudo, which is what I want to roll out to all machines. Ideally this would be managed from freeipa with LDAP groups, and so anyone in the 'engineers' group should also be a member of the 'docker' group.
When I create a 'docker' group on freeIPA it will have some other gid and the client sees that.
Should I just delete the original docker group from my hosts and let it get it from ldap, or should I go into /etc/group and change the gid to the one that matches the right ldap gid, or preferably something easier than that?