On 6 Jun 2024, at 14:43, Rob Crittenden <rcritten@redhat.com> wrote:

Djerk Geurts via FreeIPA-users wrote:
 Hi all,
 
 Working on NFS access for local system accounts I found that one NFS
 client was only able to use a primary group to gain access to an NFS
 share via group privileges, and not a secondary group.
 
 But now, I’ve run into an issue where I need to grant others access to
 the same files, and their use of secondary group membership isn’t a
 problem. So now I’m considering if I can change the private group to a
 normal group and still have it as the primary group for the system account.
 
 I don’t want to have to change the group ownership of 10TB of files and
 folders again as this takes a long time. So the gid must stay ideally
 stay the same. Can I:
 
   * Change the group type, so it shows up in the IPA GUI and add another
     group to it.
   * Delete the private group and recreate it as a normal group with the
     same gid and name?
 
 
 Or am I screwed and need to remove the user and group and recreate them
 from scratch?
On the cli you can do: ipa group-detach <group>

There is no equivalent attach command to convert a non-private group
into a private one (except a toy I made on my blog).

rob