On Sun, May 05, 2019 at 04:11:34PM -0000, soham chakraborty wrote:
> Hi,
>
> I have a requirement where human users will be logging in with their AD accounts.
> However, there are some applications that create local user and group and at times, the AD
> users may need to work on the application, view/edit files owned by the application
> user/group, run programs etc. Therefore we need to create some sort of mapping between the
> AD users and the local group.
>
> After coming through this mailing list, I realized that the recommendation is to add the
> remote AD users into the local group by way of modifying /etc/group file. What I am
> wondering is that, is this the only way to solve the problem or is there any other way
> (presumably better way) to handle this?
>
> I am using Puppet already. Therefore I think I may use the augeas provider to edit
> /etc/group file to add the users. I also need to devise a way so that users can be deleted
> from /etc/group easily in an automated fashion. Has anyone got any tips under their sleeve
> that can be used to roll out this feature in a lot of servers?

If you can ensure that the remote group and the local group will always
have the same name and GID, then perhaps you could use:
https://sourceware.org/glibc/wiki/Proposals/GroupMerging
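
The precondition named in the reply (same name and same GID on both sides) can be checked before enabling glibc's `[SUCCESS=merge]` action in nsswitch.conf. The following is an added example, not code from this thread or from glibc; the group names, GIDs and members are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data. On a real host the local lines would come from
# /etc/group and the remote lines from the directory service, for example
# via `getent -s sss group <name>` (assumes SSSD is the remote source).
LOCAL_GROUP = """\
appgrp:x:1500:appuser
dbadmin:x:1501:
reports:x:1502:svc_reports
"""
REMOTE_GROUP = """\
appgrp:*:1500:alice,bob
dbadmin:*:2501:carol
Reports:*:1502:dave
"""

def parse_group(text):
    """Parse group(5) lines into {name: (gid, [members])}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _passwd, gid, members = line.split(":", 3)
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def merge_check(local, remote):
    """Return (mergeable, problems).

    mergeable maps each group whose name AND GID match on both sides to the
    union of its member lists (the result merging is meant to produce).
    problems lists groups that violate the same-name/same-GID precondition.
    """
    mergeable, problems = {}, []
    remote_by_gid = {gid: name for name, (gid, _) in remote.items()}
    for name, (gid, members) in sorted(local.items()):
        if name in remote:
            rgid, rmembers = remote[name]
            if rgid != gid:
                problems.append(f"{name}: local GID {gid} != remote GID {rgid}")
            else:
                mergeable[name] = sorted(set(members) | set(rmembers))
        elif gid in remote_by_gid:
            problems.append(
                f"GID {gid}: local name {name!r} != remote name {remote_by_gid[gid]!r}")
    return mergeable, problems

if __name__ == "__main__":
    ok, bad = merge_check(parse_group(LOCAL_GROUP), parse_group(REMOTE_GROUP))
    print("mergeable:", ok)
    print("problems:", *bad, sep="\n  ")
```

Run as a Puppet fact or a pre-deployment check, a non-empty problems list flags hosts where a local application group and the AD group would not line up.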