Is detaching all I need to do?
On 6 Jun 2024, 14:43, at 14:43, Rob Crittenden rcritten@redhat.com wrote:
Djerk Geurts via FreeIPA-users wrote:
Hi all,
Working on NFS access for local system accounts I found that one NFS client was only able to use a primary group to gain access to an NFS share via group privileges, and not a secondary group.
But now, I’ve run into an issue where I need to grant others access
to
the same files, and their use of secondary group membership isn’t a problem. So now I’m considering if I can change the private group to
a
normal group and still have it as the primary group for the system
account.
I don’t want to have to change the group ownership of 10TB of files
and
folders again as this takes a long time. So the gid must stay ideally stay the same. Can I:
- Change the group type, so it shows up in the IPA GUI and add
another
group to it.
- Delete the private group and recreate it as a normal group with
the
same gid and name?Or am I screwed and need to remove the user and group and recreate
them
from scratch?
On the cli you can do: ipa group-detach <group>
There is no equivalent attach command to convert a non-private group into a private one (except a toy I made on my blog).
rob