Via Samba with idmap_rid, users and groups from LDAP are available on the Ubuntu systems. However, a collision occurs for the user group name staff with Debian/Ubuntu’s own local user group staff (GID: 50).
Therefore I would like to rename the local user group staff to debian-staff.
I tried to implement this via Puppet, which unfortunately did not work. Puppet seems to always try a groupadd instead of groupmod, although the local GID 50 already exists.
group { 'debian-staff':
ensure => present,
gid => 50,
forcelocal => true,
}
Error: Could not create group debian-staff: Execution of ‘/usr/sbin/groupadd -g 50 debian-staff’ returned 4: groupadd: GID ’50’ already exists
How can I rename a local user group with Puppet?
2
Answers
The most useful way I have found to rename groups via Puppet is:
The
groupmodcommand is used to rename, but only if thestaffgroup with ID50is found in/etc/group.The
groupresource type can only identify groups by name, not by number, and does not provide for renaming.You cannot do that with the built in
Groupresource type, because the group name is the namevar of that type. That is, its unique identifier. AGroupwith a different name is necessarily a different group.In principle, you could remove the
Groupand then add a different one, but that might still present an issue both initially (if the system attempts to manage the LDAP group instead of the local one) and afterward (because even if the LDAP group was not selected for modification before, it stands a good chance of being selected on subsequent runs, after the conflict is resolved). Additionally, that might lose information you care about, such as users who have the localstaffgroup as a secondary group.One quick and dirty way to genuinely change a group name would be something like this: