Linux group membership using OS Login

[Alex Holyoake]

When using OS login how do we specify which users should be in which groups?

I have OS login set up on a machine and is working, however it appears I have no control over which groups the user belongs to.

I see in the NSS source here: https://github.com/GoogleCloudPlatform/guest-oslogin/blob/9cb6ff499749b2a48d7f9aad7208cec89470e76e/src/oslogin_utils.cc#L858

that the following metadata endpoint is fetched

curl -H "Metadata-Flavor: Google" 'http://metadata.google.internal/computemetadata/v1/oslogin/groups?email=XXX 

However, this returns nothing of interest:

{"nextPageToken":"0"}

despite my user being a member of several google groups (which do appear when using services like Secure LDAP, OAuth etc)

How do I populate the above metadata endpoint?

Cheers,

Alex

[Max Illfelder]

Hi Alex,

Linux group support for OS Login is currently an Alpha feature. Once whitelisted, you can apply posix group information to your Cloud Identity groups, allowing you to control Linux group membership in your VMs.

If you would like to be whitelisted for this feature, please fill out this google form: https://docs.google.com/forms/d/e/1FAIpQLSc-xXe2B2vFwKLj7YiSZ0ugh6EuQKAyqKUXrhcTs20qLoTleg/viewform

Max