Thank you Alexander.
I just wanted to differentiate between user/group ownership/permissions ACL's
and CA ACL and certificates. Yes, POSIX.

Can ACL's be managed through FreeIPA?
Assigning them to users and groups, establishing defaults, making changes
on a per user, per host, or via group settings basis?

Or does this have to happen with CLI commands issued on individual hosts?
On Saturday, May 18, 2019, 1:33:04 AM PDT, Alexander Bokovoy <abokovoy@redhat.com> wrote:


On Fri, 17 May 2019, Jim Rice via FreeIPA-users wrote:
>Does FreeIPA support ACL's, as in getfacl, setfacl?
> entry_type:[uid|gid]:perms
You mean POSIX ACLs, not UNIX ACLs (there is no such thing)?

POSIX ACLs are stored on disk with uid/gid as numbers. As such, the Linux kernel
does not care what they resolve to by the user space processes, so any
provider that resolves them consistently is supporting them.

To answer directly: yes, using POSIX ACLs on file systems that support
them will work on IPA-enrolled clients.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
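
The point about ACLs being stored with numeric uid/gid can be seen by decoding the raw `system.posix_acl_access` extended attribute. The following is an added example, not part of the original thread and not FreeIPA code; the sample bytes, the IDs in them, and the function names `parse_posix_acl` and `render` are constructed for illustration.

```python
import struct

# Tag constants from the Linux POSIX ACL xattr format (version 2, little-endian).
TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
        0x08: "group", 0x10: "mask", 0x20: "other"}
ACL_XATTR_VERSION = 2
UNDEFINED_ID = 0xFFFFFFFF  # stored for entries that carry no uid/gid qualifier


def parse_posix_acl(blob):
    """Decode a system.posix_acl_access value into (tag, numeric_id, perms)."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated or misaligned ACL xattr")
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != ACL_XATTR_VERSION:
        raise ValueError(f"unsupported ACL xattr version {version}")
    entries = []
    for off in range(4, len(blob), 8):
        tag, perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        perms = "".join(c if perm & bit else "-"
                        for c, bit in (("r", 4), ("w", 2), ("x", 1)))
        entries.append((TAGS[tag], None if ident == UNDEFINED_ID else ident, perms))
    return entries


def render(entries, resolve=None):
    """Format entries getfacl-style; `resolve` maps (tag, id) to a name or None."""
    lines = []
    for tag, ident, perms in entries:
        kind = tag.replace("_obj", "")
        name = "" if ident is None else str(ident)
        if ident is not None and resolve:
            name = resolve(tag, ident) or name  # unresolved IDs stay numeric
        lines.append(f"{kind}:{name}:{perms}")
    return lines


# Constructed sample value: owner rw-, uid 1234600001 r-x, owning group r--,
# gid 1234600010 rwx, mask rwx, other ---.
SAMPLE = struct.pack("<I", 2) + b"".join(
    struct.pack("<HHI", t, p, i) for t, p, i in [
        (0x01, 6, UNDEFINED_ID), (0x02, 5, 1234600001), (0x04, 4, UNDEFINED_ID),
        (0x08, 7, 1234600010), (0x10, 7, UNDEFINED_ID), (0x20, 0, UNDEFINED_ID)])

if __name__ == "__main__":
    print("\n".join(render(parse_posix_acl(SAMPLE))))
```

On a Linux host the same bytes can be read with `os.getxattr(path, "system.posix_acl_access")`. Passing a resolver built on `pwd.getpwuid` and `grp.getgrgid` shows the names the local NSS configuration returns for those numbers.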