Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
Thanks, Thomas
On Thu, Oct 22, 2020 at 2:12 PM Thomas Plant thomas@plant.systems wrote:
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
Thanks, Thomas
reading official doc here for upstream: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
" Important
The default range of IDs for system and normal users has been changed in Red Hat Enterprise Linux 7 from earlier releases. Previously, UID 1-499 was used for system users and values above for normal users. The default range for system users is now 1-999. This change might cause problems when migrating to Red Hat Enterprise Linux 7 with existing users having UIDs and GIDs between 500 and 999. The default ranges of UID and GID can be changed in the /etc/login.defs file. "
and also here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
" The default ranges of UID and GID can be manually changed in the /etc/login.defs file. " It seems you can safely change the settings in your CentOS 7 system. I think no new effective system users/groups already occupying the new range slots... HIH, Gianluca
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
When I did an upgrade from CentOS 5 to 7 I found that even a standard install of CentOS 7 already used a number of GIDs in the range of 500-999.
In the end I decided to rearrange all users to new UIDs/GIDs and converted all storage with a script.
The tricky part was to find a way which doesn't take ages to convert storage. Doing so with find.... wasn't possible for performance reasons.
Attached script was used to convert every user. It was the fastest way I found. The script was started in background for every user.
Regards, Simon
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
When I did an upgrade from CentOS 5 to 7 I found that even a standard install of CentOS 7 already used a number of GIDs in the range of 500-999.
In the end I decided to rearrange all users to new UIDs/GIDs and converted all storage with a script.
The tricky part was to find a way which doesn't take ages to convert storage. Doing so with find.... wasn't possible for performance reasons.
Attached script was used to convert every user. It was the fastest way I found. The script was started in background for every user.
Looks like attachments are stripped from the mail, so here is the script embedded:
----%<---- #!/bin/bash
if (( $# < 3 )); then echo "Usage: $0 <username> <new uid> <dir> [<dir>...]" echo "Example: $0 user1 1000 /tmp /etc /usr /opt /var /home" exit 1 fi
USR=$1 NEW_UID=$2 NEW_GID=
shift 2 DIRS=$@
OLD_UID=$(id -u $USR) OLD_GID=$(id -g $USR)
if [[ -z "$NEW_GID" ]]; then NEW_GID=$NEW_UID fi
echo "modifying user $USR ids ${OLD_UID}:${OLD_GID} -> ${NEW_UID}:${NEW_GID} on $DIRS"
# Note: usermod changes ownership of at least $HOME and /var/spool/mail/${USR} groupmod -g $NEW_GID $USR usermod -u $NEW_UID -g $USR $USR
chown --changes --silent --no-dereference --preserve-root --recursive --from=:${OLD_GID} :${NEW_GID} $DIRS chown --changes --silent --no-dereference --preserve-root --recursive --from=${OLD_UID} ${NEW_UID} $DIRS ----%<----
On 10/22/2020 6:06 AM, Simon Matter wrote:
In the end I decided to rearrange all users to new UIDs/GIDs and converted all storage with a script.
I'm rsyncing to an RH8 box for backup (it will eventually become the production box), and rsync maintains usernames even when the numeric IDs are different. So I cobbled together some Python scripts to migrate the users and groups from my RH7 boxes (which still has some IDs below 1000) to my RH8 box. I decided to export all the passwd files into json and then import them with a second script on the new box. I'm new to Python so this gave me motivation to learn a bit of it. Patches welcome.
Am 22.10.2020 um 14:11 schrieb Thomas Plant:
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
Thanks, Thomas _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks, for the hints.
Think I will go the lazy way and adapt login.defs. ;-)
Greetings, Thomas
On Thu, 2020-10-22 at 15:13 +0200, Thomas Plant wrote:
Am 22.10.2020 um 14:11 schrieb Thomas Plant:
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
Thanks, Thomas _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks, for the hints.
Think I will go the lazy way and adapt login.defs. ;-)
Greetings, Thomas _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You better don't do that: when I looked at one of my C8 boxes there were many services that require a system account (but not a global fixed one) were allocated from the top of the 500-999 range. Bite the bullet and change user accounts. to start from 1000. Especially when using NFS this may otherwise come back and bite you
On 10/22/20 3:21 PM, Louis Lagendijk wrote:
On Thu, 2020-10-22 at 15:13 +0200, Thomas Plant wrote:
Am 22.10.2020 um 14:11 schrieb Thomas Plant:
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>=500). CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I could just grep the users out from passwd/shadow/group files and append them to the Centos7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates....
Thanks, Thomas _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks, for the hints.
Think I will go the lazy way and adapt login.defs. ;-)
Greetings, Thomas _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You better don't do that: when I looked at one of my C8 boxes there were many services that require a system account (but not a global fixed one) were allocated from the top of the 500-999 range. Bite the bullet and change user accounts. to start from 1000. Especially when using NFS this may otherwise come back and bite you
I've been though the need of similar changes at least twice. Fist time when I was migrating servers from SunOS, where reserves UIG/GID number were 0-100, to RedHat (and CentOS) Linuxes (0-500), and the second time when Linux went up to 0-1000. In both cases the analyses what would be right thing was short, and the transition was just to find how far up to move UIDs/GIDs of existing users in the range 101-500 or 501-1000. The rest of the users stayed the same. Otherwise you may get an "unusual" for its breed system with lot of surprises in a future, especially if some new sysadmin comes to take care if the machine.
Just my $0.02.
Valeri
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Gianluca Cecchi -
Kenneth Porter -
Louis Lagendijk -
Simon Matter -
Thomas Plant -
Valeri Galtsev