
moving to usergroups



Hi,

I'd like to change all LDAP user accounts to have a per-user group as
their primary group.


Currently, on debian.org infrastructure, users have as their primary
group either gid Debian (800), or gid guest (60000).  This, of course,
results in their files being owned by that group by default.

This is somewhat ugly for the case where people have their account
upgraded from guest to DD status[1], because the account ends up with
files being owned by the "wrong" group.

Furthermore, this prevents people from having 002 as their umask by
default, which is at times a problem when people also actively work
in team-owned filesystem trees.

Therefore I propose to:
 - create, for each user in the Debian LDAP, a group named like the
   user.
 - Make the primary group for each user their corresponding group.
 - Make their former primary group (Debian, guest) a supplementary
   group.

This would require adapting all scripts that currently rely on the gid
field to tell if somebody is a DD.  They would have to change their
filter/condition from e.g. gidNumber=800 to supplementaryGid=Debian.
(Note that supplementaryGid is a multi-value field.)

Comments/suggestions/concerns?


Regards,
weasel

1. The reverse transition has also been observed with people retiring
   but still needing access to porter systems, but it's a lot rarer.
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
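
Added example (not part of the original message and not debian.org's own code): the filter change described above, run over constructed directory entries, showing that the old gidNumber condition stops matching migrated accounts and that supplementaryGid must be tested as a multi-value field. The uid values, the per-user gid numbers, the `adm` group and the transitional check are assumptions made for illustration.

```python
# Constructed sample entries, not real debian.org data. Only the attribute
# names gidNumber and supplementaryGid come from the message.
SAMPLE_LDIF = """\
uid: alice
gidNumber: 800

uid: bob
gidNumber: 60000

uid: carol
gidNumber: 3001
supplementaryGid: adm
supplementaryGid: Debian

uid: dave
gidNumber: 3002
supplementaryGid: guest
"""

def parse_entries(text):
    # Every attribute maps to a list so multi-value fields keep all values.
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def is_dd_old(entry):
    # Pre-migration condition: primary gid is Debian (800).
    return entry.get("gidNumber") == ["800"]

def is_dd_new(entry):
    # Post-migration condition: Debian is one of the supplementaryGid values.
    return "Debian" in entry.get("supplementaryGid", [])

def is_dd_transitional(entry):
    # Assumption: accept either form while accounts are still being migrated.
    return is_dd_old(entry) or is_dd_new(entry)

def dd_uids(check, text=SAMPLE_LDIF):
    return sorted(e["uid"][0] for e in parse_entries(text) if check(e))

if __name__ == "__main__":
    for check in (is_dd_old, is_dd_new, is_dd_transitional):
        print(check.__name__, dd_uids(check))
```

A script left on the old condition denies carol, a migrated DD, rather than granting access to anyone new, so the failure is a loss of access that only shows up once accounts are converted.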

