Group membership
We've gotten several requests to optionally add users to specific group(s) on an instance.
It'd be great if those group(s) could be based on a custom role as we're currently doing with enhanced sudo roles in our beta Enterprise User Manager.
Unlike sudo, we could also grant membership into multiple groups. We could switch sudo grants over to specific groups as well and get an extra layer of abstraction that you could further delegate permissions/roles with on the client.
👍
I'm having the same concern right now. Unfortunately, this won't be overly useful to me until I'm able to add users to specific groups.
@jamiesonbecker Has any further progress been made towards this? It would be a huge boon to have this available.
Interestingly, another request to add this came in this morning. And, yes, we're moving forward!
Awesome! Is there anything I could help with? I'm not a python programmer so I'd probably be more useful on the testing end :)
Excellent! Definitely -- testing and shim docs would be really helpful once we get this cranked up shortly!
and thanks for your patience and enthusiasm :)
Finally, a definite answer! This feature is in the design plans for Userify 5 and coding has already begun. I'll update this as we move forward.
@jamiesonbecker we're deploying to servers with shared group accounts, implemented a simple adjustment. Our 'groupify' runs after shim:
```bash
# Add every account whose passwd entry mentions "userify" to wheel and dba.
for user in $( grep userify /etc/passwd | cut -d: -f1 )
do
    usermod -a -G wheel "$user"
    usermod -a -G dba "$user"
done &> /dev/null
```
@ryandarby that's brilliant :)
As an alternative to Ryan's suggestion (which is a great one if you have direct box access), we have also recommended to users that they use HAProxy or nginx in front of Userify anyway, so this will allow you to deploy a custom shim and switch over to the updated version as soon as this feature is available. See https://userify.com/docs/enterprise/nginx-proxy/ for an example. This will allow you to switch to a custom shim and back again without touching any of your servers.
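A dry-run variant of the 'groupify' loop posted above, as an added example that is not from the thread or from Userify: it matches only the GECOS field instead of the whole passwd line, skips groups that are not defined, and prints the `usermod` commands rather than running them silently. The function names are hypothetical, and it assumes shim-managed accounts carry "userify" in the GECOS field.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: accounts created by the
# shim carry "userify" in the GECOS (5th) field of their passwd entry.

# Print usernames whose GECOS field contains "userify". A plain
# `grep userify` would also match a username or home directory.
# $1: passwd-format file (defaults to /etc/passwd)
userify_users() {
    awk -F: '$5 ~ /userify/ { print $1 }' "${1:-/etc/passwd}"
}

# Succeed only if group $1 is defined in group-format file $2.
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' \
        "${2:-/etc/group}"
}

# Print one usermod command per managed user without executing anything.
# $1: passwd file, $2: group file, $3: comma-separated list of groups
groupify_plan() {
    passwd_file=$1
    group_file=$2
    groups=""
    old_ifs=$IFS
    IFS=,
    for g in $3; do
        if group_exists "$g" "$group_file"; then
            groups="${groups:+$groups,}$g"
        else
            # Surface the problem instead of hiding it in /dev/null.
            echo "skip: group '$g' is not defined" >&2
        fi
    done
    IFS=$old_ifs
    [ -n "$groups" ] || return 0
    userify_users "$passwd_file" | while IFS= read -r user; do
        printf 'usermod -a -G %s %s\n' "$groups" "$user"
    done
}
```

Review the output of `groupify_plan /etc/passwd /etc/group wheel,dba` first, since `wheel` membership typically grants sudo; piping the plan to `sh` as root applies it.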