On Tue, May 02, 2023 at 06:47:21AM -0000, David Serrano Amarelle wrote:
Hi Sumit,
Thanks a lot for your help.
About:
if I understand it correctly there are groups in AD with GIDs 102242 and 100327 and there are objects (users or groups) in IPA which are using the same number as UID/GID.
It's the other way around, but exactly as you said: there are users (or groups) in freeipa with uid (or gid) 102242 and 100327.
[root@lab6 ~]# id user1(a)addomain2.com
uid=105806(user1) gid=106520(group1) groups=106520(group1),104446(group2),104870(group3),102242(group5),100327(group6)
Based on your answer, I am going to create a new id range for new users in order to avoid this collision in the future. But, obviously, I have a problem with the current uids/gids...
Just one last question, if you could. As far as I know Linux works with uids/gids all the time, do you think this issue with current collisions could cause any real problem? I mean, is this an aesthetic issue or do I have a real mess with permissions?
Hi,
you are right, the operating system only cares about the numerical UID and GID values, i.e. two groups with the same GID are the same. This means e.g. with respect to file-system permissions, if you want to have a file which should be only accessible for members of the AD group with the GID 102242 this would not be possible because members of the IPA group with GID 102242 can access this file as well.
bye, Sumit
Thanks again
david
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
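An added example, not part of the original thread: one way to audit for the collisions discussed above is to group `getent group` / `getent passwd` style lines by numeric ID and report every ID claimed by more than one name. The sample lines are constructed and all names in them are hypothetical; only the GIDs 102242 and 100327 come from the thread.

```python
from collections import defaultdict

# Constructed sample data in `getent group` / `getent passwd` format.
# Names are hypothetical; only GIDs 102242 and 100327 appear in the thread.
SAMPLE_GROUP = """\
group5@addomain2.com:*:102242:user1@addomain2.com
group6@addomain2.com:*:100327:user1@addomain2.com
ipauser_a:*:102242:
ipagroup_b:*:100327:ipauser_a
admins:*:100000:admin
"""

SAMPLE_PASSWD = """\
user1@addomain2.com:*:105806:106520:User One:/home/addomain2.com/user1:/bin/bash
ipauser_a:*:102242:102242:IPA User A:/home/ipauser_a:/bin/bash
"""


def parse_ids(text, id_field=2):
    """Map numeric ID -> set of names from colon-separated getent lines."""
    by_id = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) <= id_field or not fields[id_field].isdigit():
            continue  # skip malformed lines rather than guessing
        by_id[int(fields[id_field])].add(fields[0])
    return by_id


def find_collisions(text, id_field=2):
    """Return {id: sorted names} for every ID claimed by more than one name."""
    return {
        num: sorted(names)
        for num, names in sorted(parse_ids(text, id_field).items())
        if len(names) > 1
    }


if __name__ == "__main__":
    # UIDs and GIDs are separate number spaces, so check each file on its own.
    for label, data in (("GID", SAMPLE_GROUP), ("UID", SAMPLE_PASSWD)):
        for num, names in find_collisions(data).items():
            print(f"{label} {num} is shared by: {', '.join(names)}")
```

SSSD does not enumerate users and groups by default, so the input lines would have to be gathered by name or taken from a directory export.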