[arch-general] Arch pkg user and group IDs?

Leonid Isaev leonid.isaev at jila.colorado.edu
Mon Nov 28 22:25:50 UTC 2016 

On Mon, Nov 28, 2016 at 11:04:53AM +0100, Hauke Fath wrote:
> On Sun, 27 Nov 2016 19:16:56 -0700, Leonid Isaev wrote:
> > But out of curiosity, why is it difficult to change user IDs on all files? I
> > assume that you control the storage? Isn't it just a chown -R away? For
> > example, for our NIS passwd/shadow map we use 6-digit IDs...
> 
> Because... users have files
> 
> - on their NFS home
> - on public NFS shares
> - on a partition of the local harddrive (and not necessarily limited to 
> one machine)
> - on their home on the web server
> - on their home on the mailserver
> - on their home on the computing cluster
> 
> all of which makes a change of user and group id slightly more involved 
> than a 'chmod -R'. Nothing that couldn't be done, mind you, given 
> enough round tuits - both for me and my users. 
> 
> As I said, it would have to be either a flag day (deploy a script with 
> old-new mapping to all machines involved, lock out users, shut down 
> services, run script), or piecemeal change (negociate time slot with 
> user, log them out, annoy other users because you have to temporarily 
> disable imap and smtp services, run said script). Both would need to be 
> planned, communicated and negociated, and so take more time than I have.

OK, if this is not an option, then I you have few options, but all of the suck:
1. Just go over your /etc/passwd, /etc/group etc. and manually assign UID/GID
   to systemd* users. The hope is that packages won't install new users. Also,
   put /usr/lib/sysusers.d in a version control, so you can track changes. And
   of course, change your login.defs appropriately. Systemd won't read it, but
   other programs might.
2. If this is too hackish for you, then override files in /usr/lib/sysusers.d/
   by copying them to /etc/sysusers.d and putting fixed UIDs there. Of course,
   /etc/passwd et all need to be fixed manually, as above.
3. Rebuild systemd with a proper login.defs... Keep in mind though, that new
   stable releases of systemd are almost always broken in one way or another...
4. Reopen the bugreport mentioned in this thread and try to bring LP back to
   earth. Good luck with that though, in my experience it is impossible :)

If I were you, I'd choose (1) but create every new user in a high-numbered IDs,
so hopefully in some time, you can drop the hack.

HTH,
-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D

More information about the arch-general mailing list