About Linux group visibility

With Centrify Clients for Linux, the roles that you define in Centrify PAS become visible as a secondary group in Linux systems. This allows you to control Linux or LXC entitlements by way of secondary UNIX group membership.

For example, say you have two security groups:

• groupA@corp.acme.com
• groupB@widgets.com

You can configure those security groups to be members of a role in Centrify PAS, let's call it pas-sudoers.

groupA & groupB groups = pas-sudoers role

You can then grant permissions to that pas-sudoers role so that the users and groups in that role have Linux system privileges to run su as root, similar to a "wheel" group in UNIX.

The benefits of making Linux groups visible in Centrify PAS roles are:

• Simplified administration

  Centrify PAS simplifies the UNIX identity of the group. In this example, the group name is pas-sudoers and the group ID is automatically set by Centrify PAS.

• Ease of integration

  Use Centrify PAS as the central, corporate tool and workflow utility to manage group memberships, such as adds, moves, and other changes.

For details, see Setting group visibility for clients.