Hello.

We have to migrate an old CentOS 6 to CentOS 8. C6 has UID/GID starting at number 500.
The users should possibly keep the existing UID/GID as on the old system.

I changed on the CentOS 8 system, in /etc/login.defs, the lines UID_MIN/SYS_UID_MAX and GID_MIN/SYS_GID_MAX:

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  500
UID_MAX                60000
# System accounts
SYS_UID_MIN              201
SYS_UID_MAX              499

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  500
GID_MAX                60000
# System accounts
SYS_GID_MIN              201
SYS_GID_MAX              499

and extracted all users and groups with UID/GID greater than 499 from the old system and inserted them in the corresponding files (passwd/groups/shadows) on the new system.

So I wanted to ask if this is a valid thing to do? Especially regarding security of the new system. Can it create problems in the future (updates etc.)?
It is a simple LAMP server.

Thanks,
Thomas
> Hello.
>
> We have to migrate an old CentOS 6 to CentOS 8. C6 has UID/GID starting
> at number 500.
> The users should possibly keep the existing UID/GID as on the old
> system.
>
> I changed on the CentOS 8 system, in /etc/login.defs, the lines
> UID_MIN/SYS_UID_MAX and GID_MIN/SYS_GID_MAX:
>
> #
> # Min/max values for automatic uid selection in useradd
> #
> UID_MIN                  500
> UID_MAX                60000
> # System accounts
> SYS_UID_MIN              201
> SYS_UID_MAX              499
>
> #
> # Min/max values for automatic gid selection in groupadd
> #
> GID_MIN                  500
> GID_MAX                60000
> # System accounts
> SYS_GID_MIN              201
> SYS_GID_MAX              499
>
> and extracted all users and groups with UID/GID greater than 499 from
> the old system and inserted them in the corresponding files
> (passwd/groups/shadows) on the new system.
>
> So I wanted to ask if this is a valid thing to do? Especially regarding
> security of the new system. Can it create problems in the future
> (updates etc.)?
> It is a simple LAMP server.

I was in a similar situation but on a quite large application server with hundreds of users. I quickly found that I don't want to fiddle with UID/GID settings so I decided to change all users on the CentOS 6 host before migrating any data.

I've created a script which uses `chown' to recursively change UIDs and GIDs. I don't remember exactly but I think I made it run for every user in parallel and it finished quite fast considering the fact that it had to traverse the whole storage consisting of millions of files. I could then later just rsync everything to the new box without any UID/GID conversion.

See below for the script `chuidgid'.
Regards,
Simon

----%<-----
#!/bin/bash

if (( $# < 4 )); then
    echo "Usage: $0 <username> <new uid> <new gid | \"\" = uid> <dir> [<dir>...]"
    echo "Example: $0 user1 1000 \"\" /tmp /etc /usr /opt /var /home"
    echo
    echo "Important: this needs to run before changing any uid/gid!"
    exit 1
fi

USR="$1"
NEW_UID="$2"
NEW_GID="$3"
shift 3
# Keep the directories as an array so paths containing spaces survive
DIRS=("$@")

# Current IDs, read before anything is modified
OLD_UID=$(id -u "$USR")
OLD_GID=$(id -g "$USR")

# An empty gid argument means "use the same number as the uid"
if [[ -z "$NEW_GID" ]]; then
    NEW_GID="$NEW_UID"
fi

echo "modifying user $USR ids ${OLD_UID}:${OLD_GID} -> ${NEW_UID}:${NEW_GID} on ${DIRS[*]}"

# Note: usermod changes ownership of at least $HOME and /var/spool/mail/${USR}
# Assumes the user's primary group has the same name as the user
groupmod -g "$NEW_GID" "$USR"
usermod -u "$NEW_UID" -g "$USR" "$USR"

# Re-own only files that still carry the old gid, then those with the old uid
chown --changes --silent --no-dereference --preserve-root --recursive --from=":${OLD_GID}" ":${NEW_GID}" "${DIRS[@]}"
chown --changes --silent --no-dereference --preserve-root --recursive --from="${OLD_UID}" "${NEW_UID}" "${DIRS[@]}"
----%<-----
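
A pre-merge check for the approach in the original question, as an added example that is not part of the thread: it lists old entries with an ID of 500 or above whose number or name is already taken on the new host, which can happen when packages created system accounts (allocated downward from the default SYS_UID_MAX of 999) before /etc/login.defs was edited. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list old-system entries that would clash with the new system.
# Usage: id_conflicts <old_file> <new_file> [min_id]
# Works on passwd and group files alike (field 1 = name, field 3 = numeric ID).
id_conflicts() {
    awk -F: -v min="${3:-500}" '
        # First file (new system): index every entry by ID and by name.
        NR == FNR { name_of[$3] = $1; id_of[$1] = $3; next }
        # Second file (old system): only entries at or above min are migrated.
        $3 < min { next }
        # Same number, different name: the migrated account would share an ID.
        ($3 in name_of) && name_of[$3] != $1 {
            printf "ID %s: old %s collides with new %s\n", $3, $1, name_of[$3]
        }
        # Same name, different number: files owned by one ID, account on the other.
        ($1 in id_of) && id_of[$1] != $3 {
            printf "NAME %s: old id %s, new id %s\n", $1, $3, id_of[$1]
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the thread), run in a subshell.
demo_conflicts() (
    tmp=$(mktemp -d) || exit 1
    cat > "$tmp/passwd.c6" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
thomas:x:500:500::/home/thomas:/bin/bash
mysql:x:502:502::/var/lib/mysql:/bin/false
webdev:x:998:998::/home/webdev:/bin/bash
EOF
    cat > "$tmp/passwd.c8" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
EOF
    id_conflicts "$tmp/passwd.c6" "$tmp/passwd.c8" "$@"
    rm -rf "$tmp"
)

demo_conflicts
```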