[SOLVED] Consolidating UID's and GID's on the network

[blnl]

There is inconsistency between UID's and GID's at different machines on my network. Therefore I have plenty of files where user group attributes are represented by numbers. For example:

Code:

-rw-r-----   1 503   702        25074 Jun  8  2005 wavescan.xml
-rw-r-----   1 boris users    1803308 Jan 12  2007 measurement.csv

On my openSUSE machine /etc/passwd contains the following user definition:

Code:

boris:x:1000:100:Boris User:/home/boris:/bin/bash

On my Fedora machine is the same user defined as:

Code:

boris:x:500:500:Boris User:/home/boris:/bin/bash

And on the NAS this user is defined as:

Code:

boris:x:503:702:Boris User:/home/boris:/bin/bash

What would be the easiest way to consolidate UID's and GID's on all machines?

1. manualy editing /etc/passwd and /etc/group files
2. using commands such as usermod, groupmod, chown, chgrp

What are potential risks of doing such such operation?
Any other thoughts/guidelines are welcome too.
I would prefer not to make some fatal mistakes here.

[Rubberman]

The only way to do this is with a directory server such as YP (Yellow Pages) or LDAP.

[blnl]

Yesterday I tried it out on my openSUSE machine.

I followed the instructions from Linux: Changing UIDs and GIDs for a user by Stuart Colville
These are the exact steps that I performed:

1. su root
2. init 1
3. usermod -u 502 boris
4. groupmod -g 702 users
5. shutdown
6. boot from gparted-liveCD
7. mount local ext3 partitions (/ and /home)
8. find . -user 1000 -exec chown -h 502 {} \; (executed on each partition)
9. find . -group 100 -exec chgrp -h 702 {} \; (executed on each partition)
10. check UID GID in /etc/passwd and /etc/group (manually correct if necessary)

I rebooted the machine and so far openSUSE works normally . Also when I NFS mount my NAS, I'm really the owner of all remote files (this saves a lot of headache for me). Now I can do anything with my remote files as if I mounted a local partition.

For some reason the original instructions did not work out for me. I'm not sure why, but

Code:

find / -user 1000 -exec chown -h 502 {} \;

took endless time, it never finished. After 1 hour of waiting, I decided to abort the operation. That is the reason why I had to continue from gparted-liveCD.

The next step:
I have to do the same on my Fedora machine, only I'm not sure if SELinux will like this .
There is only one way to find out!

[blnl]

Yesterday I fixed my other openSUSE machine.

The following will do all changes in the /etc/passwd and /etc/group.

Code:

usermod -u 502 boris
usermod -g 702 boris
groupmod -g 702 users

After this manual editing is not needed any more. Besides usermod changes the ownership of the /home files too.


Still I had to boot from gparted-liveCD to finish the job.
In order return the ownership of all previously owned files, following must be executed on each linux partition.

Code:

find . -user 1000 -exec chown -h 502 {} \;
find . -group 100 -exec chgrp -h 702 {} \;

Once more the operation was successful, openSUSE system seems to work normally .

[Rubberman]

That is good - basically what I was saying about the need to change user/group ids to a common set, and then modifying all related files/directories to the correct user+group. You will probably find stuff not working from time to time because of the files+directories that you missed. Also, if you add a user to your systems, you will have to deal with their uid/gid as well, though that is a lot easier when you first create them. One last thing, installing some software also installes a group and/or user, such as Oracle, which will install several of both such as users = (oracle), groups = (dba, oinstall, oper, oracle).

[blnl]

So far I'm the only user on this system, and this change is limited to that user only.
I hope that installing other software is not going to cause any problems. If that occurs I'll have to deal with it.

At this point in time, I'm only concerned about the user access to my NAS space. My goal is now achieved, at least for openSUSE machines the NAS issues are fixed.
(In one of the previous threads I discussed the problem of OpenOffice freezing when opening documents stored on the NAS. As a workaround I used to mount my NAS with nolock option. Now I don't have to do that since everything works normally.)

[blnl]

I have to do the same on my Fedora machine, only I'm not sure if SELinux will like this .
There is only one way to find out!

Finally, I did it for my Fedora machine too. Once more the UID and GID are changed successfully .