Show Table of Contents
13.4. Disabling User Private Groups
To ensure that IdM does not create a default user private group for a new user, choose one of the following:
Even after you disable creating default user private groups, IdM will still require a GID when adding new users. To ensure that adding the user succeeds, see Section 13.4.3, “Adding a User with User Private Groups Disabled”.
Note
If you want to disable creating default user private groups because of GID conflicts, consider changing the default UID and GID assignment ranges. See Chapter 14, Unique UID and GID Number Assignments.
13.4.1. Creating a User without a User Private Group
Add the
--noprivate option to the ipa user-add command. Note that for the command to succeed, you must specify a custom private group. See Section 13.4.3, “Adding a User with User Private Groups Disabled”.
13.4.2. Disabling User Private Groups Globally for All Users
- Log in as the administrator:
$ kinit admin
- IdM uses the Directory Server Managed Entries Plug-in to manage user private groups. List the instances of the plug-in:
$ ipa-managed-entries --list
- To ensure IdM does not create user private groups, disabling the plug-in instance responsible for managing user private groups:
$ ipa-managed-entries -e "UPG Definition" disable Disabling Plugin
Note
To re-enable theUPG Definitioninstance later, use theipa-managed-entries -e "UPG Definition" enablecommand. - Restart Directory Server to load the new configuration.
# systemctl restart dirsrv.target
13.4.3. Adding a User with User Private Groups Disabled
To make sure adding a new user succeeds when creating default user private groups is disabled, choose one of the following:
- Specify a custom GID when adding a new user. The GID does not have to correspond to an already existing user group.For example, when adding a user from the command line, add the
--gidoption to theipa user-addcommand. - Use an automember rule to add the user to an existing group with a GID. See Section 13.6, “Defining Automatic Group Membership for Users and Hosts”.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.