
Add support to specify numeric gid for `host_groups`

Open programmerq opened this issue 10 months ago • 1 comments

What would you like Teleport to do?

When using automatic host user provisioning, it's possible to list host_groups that a user should belong to. It should be possible to specify the GID for these groups.

What problem does this solve?

If any group listed in a user's host_groups doesn't exist, it is created by calling groupadd. This means the numeric GID can be inconsistent across hosts for the same group name, since groupadd will always take the next available GID slot.

If a workaround exists, please include it.

All workarounds involve manual steps.

programmerq, Apr 26 '24 20:04
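The GID drift described in this issue can be audited by comparing `/etc/group` across hosts. Unix file ownership is stored as a numeric GID, so the same number may belong to different groups on different hosts. The following is an added example, not part of the issue or of Teleport's code; the host names, group names and file contents are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: /etc/group contents from three hypothetical hosts.
# On host-b an unrelated group already held 1001, so groups created later
# by groupadd were shifted to the next free GID.
SAMPLE_GROUP_FILES = {
    "host-a": "root:x:0:\ndeploy:x:1001:\ndbadmins:x:1002:alice\n",
    "host-b": "root:x:0:\ndocker:x:1001:\ndeploy:x:1002:\ndbadmins:x:1003:alice\n",
    "host-c": "root:x:0:\n# local note\ndeploy:x:1001:\ndbadmins:x:1002:alice,bob\nbroken-line\n",
}


def parse_group_file(text):
    """Return {group_name: gid} from /etc/group text (name:passwd:gid:members)."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdecimal():
            continue  # skip malformed entries rather than guessing a GID
        groups[fields[0]] = int(fields[2])
    return groups


def audit_gid_drift(group_files):
    """Return (drift, collisions) across hosts.

    drift:      group name -> {host: gid} where one name has several GIDs
    collisions: gid -> {host: group name} where one GID has several names
    """
    by_name = defaultdict(dict)
    by_gid = defaultdict(dict)
    for host, text in group_files.items():
        for name, gid in parse_group_file(text).items():
            by_name[name][host] = gid
            by_gid[gid][host] = name
    drift = {n: h for n, h in by_name.items() if len(set(h.values())) > 1}
    collisions = {g: h for g, h in by_gid.items() if len(set(h.values())) > 1}
    return drift, collisions


if __name__ == "__main__":
    drift, collisions = audit_gid_drift(SAMPLE_GROUP_FILES)
    for name, hosts in sorted(drift.items()):
        print(f"DRIFT     {name}: {hosts}")
    for gid, hosts in sorted(collisions.items()):
        print(f"COLLISION gid {gid}: {hosts}")
```

A collision is the case to look at first: on the constructed data, GID 1001 is `deploy` on two hosts and `docker` on the third.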

IIUC this is the same thing that spec.allow.host_user_gid does, but the request is for it to support a GID per group?

Pseudo-role example:

```yaml
spec:
  allow:
    host_groups:
    - group: group1
      gid: 1001
    - group: group2
      gid: 1004
```

webvictim, May 02 '24 12:05