UID/GID Migration Vom C6 To C8

Home » CentOS » UID/GID Migration Vom C6 To C8
CentOS 2 Comments

Hello.

We have to migrate an old CentOS 6 to CentOS 8. C6 has UID/GID starting at number 500. I the Users should possibily keep the existing UID/GID as on the old system.

I changed on the CentOS 8 system, in /etc/login.defs, the lines UID_MIN/SYS_UID_MAX and GID_MIN/SYS_GID_MAX:

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                   500
UID_MAX                 60000
# System accounts SYS_UID_MIN               201
SYS_UID_MAX               499

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                   500
GID_MAX                 60000
# System accounts SYS_GID_MIN               201
SYS_GID_MAX               499

and extracted all users and groups with UID/GID greater than 499 from the old system and inserted in the corresponding files
(passwd/groups/shadows) on the new system.

So wanted to ask if this is a valid thing to do? Especially regarding security of the new system. Can it create problems in the future
(updates etc.)?
It is a simple LAMP server.

Thanks, Thomas

2 thoughts on - UID/GID Migration Vom C6 To C8

  • I was in a similar situation but on a quite large application server with hundreds of users. I quickly found that I don’t want to fiddle with UID/GID settings so I
    decided to change all users on the CentOS 6 host before migrating any data. I’ve created a script which uses `chown’ to recursively change UIDs and GIDs. I don’t remember exactly but I think I made it run for every user in parallel and it finished quite fast considering the fact that it had to traverse the whole storage consisting of millions of files. I could then later just rsync everything to the new box without ant UID/GID conversion. See below for the script `chuidgid’.

    Regards, Simon

    —-%<----- #!/bin/bash if (( $# < 4 )); then echo "Usage: $0


    [    …]”
    echo “Example: $0 user1 1000 \”\” /tmp /etc /usr /opt /var /home”
    echo
    echo “Important: this needs to run before changing any uid/gid!”
    exit 1
    fi

    USR=”$1″
    NEW_UID=”$2″
    NEW_GID=”$3″

    shift 3
    DIRS=$@

    OLD_UID=$(id -u “$USR”)
    OLD_GID=$(id -g “$USR”)

    if [[ -z “$NEW_GID” ]]; then
    NEW_GID=”$NEW_UID”
    fi

    echo “modifying user $USR ids ${OLD_UID}:${OLD_GID} ->
    ${NEW_UID}:${NEW_GID} on $DIRS”

    # Note: usermod changes ownership of at least $HOME and
    /var/spool/mail/${USR}
    groupmod -g “$NEW_GID” “$USR”
    usermod -u “$NEW_UID” -g “$USR” “$USR”

    chown –changes –silent –no-dereference –preserve-root –recursive
    –from=”:${OLD_GID}” “:${NEW_GID}” $DIRS
    chown –changes –silent –no-dereference –preserve-root –recursive
    –from=”${OLD_UID}” “${NEW_UID}” $DIRS
    —-%<-----

  • rsync by default copies by name, not UID/GID. So you can let the new system assign numbers based on the new limits and let rsync do the conversion.

    You could also just keep the old numbers. AFAIK, no numbers in the
    500-999 range have been globally registered. Create your users with their old IDs on a minimal system before installing any optional packages that might try to allocate a system UID from the same range. Then the optional packages will allocate from any “holes” in that range.

    Other UID ranges you want to dodge are listed here:

    https://en.wikipedia.org/wiki/User_identifier