#3217 [RFE] Rule based group membership
Closed: wontfix 5 years ago Opened 11 years ago by sakodak.

I have a need for users to have different group memberships (specifically, different primary groups) on different hosts. For example, bob needs a primary group of "devgroup1" on machine-A, but needs a primary group of "devgroup2" on machine-B.

Currently bob can only have one primary group in IPA, and then must override with "newgrp" or "sg" on hosts where it needs to be different from the default. Bob can't easily set it in his rc files because those commands spawn subshells that re-read the config files, causing an infinite loop. Having some logic in the rc file fixes this easily, but is suboptimal because it causes two shells to spawn for every interactive session -- and only works for interactive sessions, so, for example, cron jobs that generate files will not behave as desired (granted, they can always change group membership of generated files in their scripts.)

My idea is to have rules similar to HBACs but for group membership.


Metadata Update from @sakodak:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

7 years ago

Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata