I have noticed that group membership is functioning differently on CentOS 8
with FreeIPA 4.8.4-7 than I remember it functioning on CentOS 7. This is a
clean install with no use of backups.

I have a user user(2063) with a primary group of admingroup(2060). I set up
a sudo rule for members of admingroup(2060) and still could not sudo. The
user does not show up in admingroup(2060) as a member and could not use
sudo until I added the user to the group.

I do not remember this being the case when we were using CentOS 7 and the
available packages. I have also seen this when creating a service user to
set up crons to keep the new FreeIPA installation in sync with the OpenLDAP
installation we are replacing. No users show as members of the group
assigned as the user's GID.

My memory could be incorrect but I do not remember having to add members to
groups that had a primary GID of said group in order for sudo rules or ipa
commands to work (after kinit of course). If this is by design then I will
need to write something really quick to get members added to their primary
groups or if it's a setting I haven't been able to find it. I would
appreciate any help.
--
*Mark Potter*
Senior Linux Administrator
DownUnder GeoSolutions
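
An added example, not part of the original message: one way to write the quick audit the poster mentions, listing users who are not explicit members of the group named by their primary GID. It assumes input in `getent passwd` / `getent group` format; apart from user(2063) and admingroup(2060), the sample accounts are constructed, and the script only prints `ipa group-add-member` commands for review rather than running them.

```python
# Constructed sample data in `getent passwd` / `getent group` format.
PASSWD = """\
user:*:2063:2060:Example User:/home/user:/bin/bash
alice:*:2064:2060:Alice:/home/alice:/bin/bash
svc-sync:*:2070:2071:Sync service:/home/svc-sync:/sbin/nologin
orphan:*:2080:2999:GID with no group entry:/home/orphan:/bin/bash
"""
GROUP = """\
admingroup:*:2060:alice
syncgroup:*:2071:
"""


def parse_groups(text):
    """Map GID -> (group name, set of explicitly listed members)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups


def missing_primary_memberships(passwd_text, group_text):
    """Return (missing, unresolved): users absent from their primary group's
    member list, and users whose primary GID matches no known group."""
    groups = parse_groups(group_text)
    missing, unresolved = [], []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        user, gid = fields[0], int(fields[3])
        if gid not in groups:
            unresolved.append((user, gid))   # flag for manual review
        elif user not in groups[gid][1]:
            missing.append((user, groups[gid][0]))
    return missing, unresolved


def ipa_commands(missing):
    """Render one `ipa group-add-member` command per missing membership."""
    return [f"ipa group-add-member {group} --users={user}" for user, group in missing]


if __name__ == "__main__":
    missing, unresolved = missing_primary_memberships(PASSWD, GROUP)
    print("\n".join(ipa_commands(missing)))
    for user, gid in unresolved:
        print(f"# {user}: primary GID {gid} has no matching group")
```
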