Fedora directory users - Mar 2006 - Getting Started, POSIX accounts

Hi guys.  I''ve installed FDS and the setup is killing me.  Essentially
all I
want to use it for is Posix accounts and groups and I''m having trouble
with
groups.

Getting user accounts is no problem, the attributes are aleady there, but
posix groups are from scratch?

If someone could point me in the right direction, or send me a link I would
appreciate it.  I''ve combed through the RHDS documentation and not been
able
to find what I was looking for.

--
Michael

--- Michael Christian <mchristianjr@gmail.com> wrote:
> Hi guys.  I''ve installed FDS and the setup is killing me. 
Essentially all I
> want to use it for is Posix accounts and groups and I''m having
trouble with
> groups.
> 
> Getting user accounts is no problem, the attributes are aleady there, but
> posix groups are from scratch?
> 
> If someone could point me in the right direction, or send me a link I would
> appreciate it.  I''ve combed through the RHDS documentation and not
been able
> to find what I was looking for.
Groups are easy, what are you having problems with?

Just run migrate_group.pl script on /etc/group on a representative machine,
that''ll produce an
LDIF you can import into your FDS.  Verify that the dn is correct and load it
in.

It puts all posix groups into an ou=Groups, which I found convenient.  From the
UI, you can see
all your posix groups grouped together under Groups.

If you are adding groups from the console, remember to highlight the Groups OU,
right click, add
new, "other" posix group.  I also change the index to the cn, instead
of gid, that makes it easier
to read.

You just have to decide whether you want to continue with the Linux standard
where every user is a
member of his own group.  As the number of users grows, that becomes a PITA.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

On Wed, 2006-03-29 at 17:12 -0800, Susan wrote:
> 
> --- Michael Christian <mchristianjr@gmail.com> wrote:
> 
> > Hi guys.  I''ve installed FDS and the setup is killing me. 
Essentially all I
> > want to use it for is Posix accounts and groups and I''m
having trouble with
> > groups.
> > 
> > Getting user accounts is no problem, the attributes are aleady there,
but
> > posix groups are from scratch?
> > 
> > If someone could point me in the right direction, or send me a link I
would
> > appreciate it.  I''ve combed through the RHDS documentation
and not been able
> > to find what I was looking for.
> 
> Groups are easy, what are you having problems with?
> 
> Just run migrate_group.pl script on /etc/group on a representative machine,
that''ll produce an
> LDIF you can import into your FDS.  Verify that the dn is correct and load
it in.
> 
> It puts all posix groups into an ou=Groups, which I found convenient.  From
the UI, you can see
> all your posix groups grouped together under Groups.
----
on a Red Hat system, it will default to Group and not Groups - I found
this incredibly confusing at first.
----
> 
> If you are adding groups from the console, remember to highlight the Groups
OU, right click, add
> new, "other" posix group.  I also change the index to the cn,
instead of gid, that makes it easier
> to read.
> 
> You just have to decide whether you want to continue with the Linux
standard where every user is a
> member of his own group.  As the number of users grows, that becomes a
PITA.
----
and pretty pointless for workgroups, domains, etc.

Craig

El mié, 29-03-2006 a las 17:12 -0800, Susan escribió:
> You just have to decide whether you want to continue with the Linux
standard where every user is a
> member of his own group.  As the number of users grows, that becomes a
PITA.
I''ve struggled with this issue, researching the rationale behind it,
but
I''m not any wiser.

Would anyone care to comment on the "every user has a group" issue?
-- 
Oscar A. Valdez

On Thu, 2006-03-30 at 09:01 -0600, Oscar A. Valdez
wrote:
> El mié, 29-03-2006 a las 17:12 -0800, Susan escribió:
> > You just have to decide whether you want to continue with the Linux
standard where every user is a
> > member of his own group.  As the number of users grows, that becomes a
PITA.
> 
> I''ve struggled with this issue, researching the rationale behind
it, but
> I''m not any wiser.
> 
> Would anyone care to comment on the "every user has a group"
issue?
----
I can''t speak to Linux standard - I only am familiar with the Red Hat
packaging, which would by default...

useradd craig

add both a user and a group named craig

the man page for useradd on a Red Hat system has this caveat..." The
version provided with Red Hat Linux will create a group for each user
added to the system by default."

I suspect this is what Susan is referring to. Of course, you can always
pass a parameter to useradd...

useradd -g dom_users craig

which would not create a group named craig

Craig

On Thu, 2006-03-30 at 11:06, Craig White wrote:
> > > You just have to decide whether you want to continue with the
Linux standard where every user is a
> > > member of his own group.  As the number of users grows, that
becomes a PITA.
> > 
> > I''ve struggled with this issue, researching the rationale
behind it, but
> > I''m not any wiser.
> > 
> > Would anyone care to comment on the "every user has a group"
issue?
> ----
> I can''t speak to Linux standard - I only am familiar with the Red
Hat
> packaging, which would by default...
> 
> useradd craig
> 
> add both a user and a group named craig
> 
> the man page for useradd on a Red Hat system has this caveat..." The
> version provided with Red Hat Linux will create a group for each user
> added to the system by default."
Yes, I think this is redhat-specific.  The reasoning is that the
home directories can be made group rw and a default umask of
0002 used without initially introducing any new permission
problems since no one else but the user is in the group. This
simplifies the changes needed when you do want group access
since the permissions are already there and the groups are
unique. All you have to do is add the other user(s) to your
group.

-- 
  Les Mikesell
   lesmikesell@gmail.com