UID/GID CentOS 6 To CentOS 7
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts on them (UID>P0). CentOS 7 has MIN_UID/MIN_GID 1000, CentOS 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I
could just grep the users out from passwd/shadow/group files and append them to the CentOS7 passwd/shadow/group files. Can this do any damage to CentOS7 later on? Thinking about updates….
Thanks, Thomas
7 thoughts on - UID/GID CentOS 6 To CentOS 7
reading official doc here for upstream:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
”
Important
The default range of IDs for system and normal users has been changed in Red Hat Enterprise Linux 7 from earlier releases. Previously, UID 1-499 was used for system users and values above for normal users. The default range for system users is now 1-999. This change might cause problems when migrating to Red Hat Enterprise Linux 7 with existing users having UIDs and GIDs between 500 and 999. The default ranges of UID and GID can be changed in the /etc/login.defs file.
“
and also here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/migration_planning_guide/chap-red_hat_enterprise_linux-migration_planning_guide-major_changes_and_migration_considerations#sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-System_Management-Changes-to-system-accounts
”
The default ranges of UID and GID can be manually changed in the
/etc/login.defs file.
”
It seems you can safely change the settings in your CentOS 7 system. I
think no new effective system users/groups already occupying the new range slots… HIH, Gianluca
When I did an upgrade from CentOS 5 to 7 I found that even a standard install of CentOS 7 already used a number of GIDs in the range of 500-999.
In the end I decided to rearrange all users to new UIDs/GIDs and converted all storage with a script.
The tricky part was to find a way which doesn’t take ages to convert storage. Doing so with find…. wasn’t possible for performance reasons.
Attached script was used to convert every user. It was the fastest way I
found. The script was started in background for every user.
Regards, Simon
Looks like attachments are stripped from the mail, so here is the script embedded:
—-%<--
Am 22.10.2020 um 14:11 schrieb Thomas Plant:
Thanks, for the hints.
Think I will go the lazy way and adapt login.defs. ;-)
Greetings, Thomas
I’m rsyncing to an RH8 box for backup (it will eventually become the production box), and rsync maintains usernames even when the numeric IDs are different. So I cobbled together some Python scripts to migrate the users and groups from my RH7 boxes (which still has some IDs below 1000)
to my RH8 box. I decided to export all the passwd files into json and then import them with a second script on the new box. I’m new to Python so this gave me motivation to learn a bit of it. Patches welcome.
https://github.com/SpareSimian/user-group-migration
You better don’t do that:
when I looked at one of my C8 boxes there were many services that require a system account (but not a global fixed one) were allocated from the top of the 500-999 range. Bite the bullet and change user accounts. to start from 1000. Especially when using NFS this may otherwise come back and bite you
I’ve been though the need of similar changes at least twice. Fist time when I was migrating servers from SunOS, where reserves UIG/GID number were 0-100, to RedHat (and CentOS) Linuxes (0-500), and the second time when Linux went up to 0-1000. In both cases the analyses what would be right thing was short, and the transition was just to find how far up to move UIDs/GIDs of existing users in the range 101-500 or 501-1000. The rest of the users stayed the same. Otherwise you may get an “unusual”
for its breed system with lot of surprises in a future, especially if some new sysadmin comes to take care if the machine.
Just my $0.02.
Valeri