Making group membership a requirement
On most Linux and UNIX computers, users can only be members of a limited number of groups at once. Because of this limitation, it is useful to be able to change a user’s effective group membership to add and remove groups when necessary. You can use the adsetgroups command to dynamically manage the set of Active Directory groups that are available to a user account. You also have the option to specify that membership in a specific group is required in a zone. If you specify that a group is required, users who are members of the group cannot remove the required group profile from their currently active set of groups.
To make membership in a specific group profile required:
- Open Access Manager.
- Expand Zones and any parent or child zones required to select the zone name for which you want to add a required group.
- Expand Groups, then select the group name you want to make required.
- Right-click, then select Zone Profile to display the Centrify UNIX Profile for the group.
- Select the Users are required to be members of this group option.
- Click Permissions to set specific permissions for this group, if needed, then click OK.
For more information about using the adsetgroups command, see the adsetgroups man page.