You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed from child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect.
It should also be made clear that this behavior will be only cosmetic. When the real user in question logs in (and thus an {{{initgroups()}}} call is made), these ghost entries will disappear. There should be no actual permission error, unless someone is relying on the list of users in a group for an access-control decision instead of asking whether a user is a member of that group (subtle, but important distinction).
description: See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed form child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect. => See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed from child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect.
type: enhancement => task
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1256
See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed from child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect.
Comments
Comment from sgallagh at 2012-03-15 18:13:36
It should also be made clear that this behavior will be only cosmetic. When the real user in question logs in (and thus an {{{initgroups()}}} call is made), these ghost entries will disappear. There should be no actual permission error, unless someone is relying on the list of users in a group for an access-control decision instead of asking whether a user is a member of that group (subtle, but important distinction).
description: See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed form child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect. => See ticket #1255 for the design of the new approach of dealing with fake/ghost users. There are some situations when fake/ghost users are removed from child groups but would still show up as a member of the parent group. It might look confusing and might cause some unnecessary bugs and tickets filed. To prevent this we need to clearly articulate how things would work with the new approach and what to expect.
type: enhancement => task
Comment from sgallagh at 2012-03-15 18:13:49
Fields changed
blockedby: => 1255
Comment from dpal at 2012-03-22 14:06:37
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=805921
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=805921 805921]
Comment from dpal at 2012-03-22 14:19:37
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.9 beta
Comment from jhrozek at 2012-04-16 10:22:10
This is related to ticket #1255 and should have the same owner.
owner: somebody => jzeleny
Comment from sgallagh at 2012-05-03 19:39:02
Fields changed
milestone: SSSD 1.9.0 beta 1 => SSSD 1.9.0 beta 2
Comment from jzeleny at 2012-05-31 10:52:13
FAQ updated: if there are no suggestions where else to place comments, I'm going to close this ticket.
https://fedorahosted.org/sssd/wiki/FAQ
(Why do some users appear as group members even if they are not?)
Comment from jzeleny at 2012-05-31 22:11:26
Fields changed
resolution: => fixed
status: new => closed
Comment from dpal at 2017-02-24 15:03:25
Metadata Update from @dpal:
The text was updated successfully, but these errors were encountered: