13.4. Disabling User Private Groups
13.4.1. Creating a User without a User Private Group
--noprivateoption to the
ipa user-addcommand. Note that for the command to succeed, you must specify a custom private group. See Section 13.4.3, “Adding a User with User Private Groups Disabled”.
13.4.2. Disabling User Private Groups Globally for All Users
- Log in as the administrator:
$ kinit admin
- IdM uses the Directory Server Managed Entries Plug-in to manage user private groups. List the instances of the plug-in:
$ ipa-managed-entries --list
- To ensure IdM does not create user private groups, disable the plug-in instance responsible for managing user private groups:
$ ipa-managed-entries -e "UPG Definition" disable Disabling Plugin
NoteTo re-enable the
UPG Definitioninstance later, use the
ipa-managed-entries -e "UPG Definition" enablecommand.
- Restart Directory Server to load the new configuration.
# systemctl restart dirsrv.target
13.4.3. Adding a User with User Private Groups Disabled
- Specify a custom GID when adding a new user. The GID does not have to correspond to an already existing user group.For example, when adding a user from the command line, add the
--gidoption to the
- Use an automember rule to add the user to an existing group with a GID. See Section 13.6, “Defining Automatic Group Membership for Users and Hosts”.