Djerk Geurts via FreeIPA-users wrote:
Hi all,
Working on NFS access for local system accounts I found that one NFS client was only able to use a primary group to gain access to an NFS share via group privileges, and not a secondary group.
But now, I’ve run into an issue where I need to grant others access to the same files, and their use of secondary group membership isn’t a problem. So now I’m considering if I can change the private group to a normal group and still have it as the primary group for the system account.
I don’t want to have to change the group ownership of 10TB of files and folders again as this takes a long time. So the gid must stay ideally stay the same. Can I:
- Change the group type, so it shows up in the IPA GUI and add another group to it.
- Delete the private group and recreate it as a normal group with the same gid and name?
Or am I screwed and need to remove the user and group and recreate them from scratch?
On the cli you can do: ipa group-detach <group>
There is no equivalent attach command to convert a non-private group into a private one (except a toy I made on my blog).
rob