#3949 Unable to create user without private group (--noprivate option)
Closed: Invalid None Opened 10 years ago by mbasti.

Unable to create user with --noprivate option

$ ipa user-add jjsmith --first=JJ --last=Smith --noprivate
ipa: ERROR: Default group for new users is not POSIX

$ ipa config-show
...
Default users group: ipausers
...

$ ipa user-add jjsmith --first=JJ --last=Smith 
 -> Success

$ ipa group-find  --private jjsmith
...
  Group name: jjsmith
  Description: User private group for jjsmith
  GID: 1236800001
...

Closing as invalid.


Sorry for text format before:

$ ipa user-add jjsmith --first=JJ --last=Smith --noprivate 
ipa: ERROR: Default group for new users is not POSIX





$ ipa config-show 
...
 Default users group: ipausers 
...





$ ipa user-add jjsmith --first=JJ --last=Smith
-> Success





$ ipa group-find --private jjsmith 
...
 Group name: jjsmith
 Description: User private group for jjsmith  
 GID: 1236800001
...

This behaves as designed. ipausers group is not posix -> does not have GID (unless you modify this group and make it posix).

This means, that if you add a user and do not create have the default user group posix, user-add has no means of making up user GID. This leaves you with 2 options:

  • Make default user group posix
  • Specify user GID manually:

    ipa user-add --first Foo --last Bar fbar --gid 10000 --noprivate


    Added user "fbar"

    User login: fbar
    First name: Foo
    Last name: Bar
    Full name: Foo Bar
    Display name: Foo Bar
    Initials: FB
    Home directory: /home/fbar
    GECOS field: Foo Bar
    Login shell: /bin/sh
    Kerberos principal: fbar@EXAMPLE.COM
    Email address: fbar@example.com
    UID: 1498600005
    GID: 10000
    Password: False
    Kerberos keys available: False

Metadata Update from @mbasti:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago

Login to comment on this ticket.

Metadata