On Wed, Sep 16, 2009 at 10:17:26AM -0400, Robert P. J. Day wrote:
> On Wed, 16 Sep 2009, Sjoerd Hardeman wrote:
>
> > Kept thinking a bit longer: are the uids and gids of daemon users
> > actually determined during install? My experience is that these
> > users actually preserve their uid over installations quite well.
>
> nope. for example, on the old system, openldap account has a UID of
> 114. on new system, 105. numerous other daemon UID differences as
> well. so a straight copy isn't going to work here. this just gets
> trickier and trickier.
if you have coped over the passwd/group/shadow file they should align
up, package should check to see if the uid/gid exists before creating
new ones. the only time this doesn't happen is when you do a new
install and the first packages are installed - you can't get the
passwd/group files over before then (maybe that should be a bugreport!)
any way I use this little script to check and modify GID - it creates a
bunch of shell commands to execute
changeGID.sh
#!/bin/dash
if test -z "$1" || test -z "$2"
then
echo "usage:"
echo "\tchangeGID.sh oldGroupId newGroupId"
exit 1
fi
OLDGID="$1"
NEWGID="$2"
WRKFILE=${WRKFILE:-'/tmp/wrkfile'}
GIDN="$(cut -d : -f -3 /etc/group | grep -e ":${OLDGID}\$" | cut -d : -f -1)"
if test -z "$GIDN"
then
echo "Unable to find groupid for $OLDGID"
exit 1
fi
echo "Workfile is at $WRKFILE"
echo "======================="
echo "About to change gid $OLDGID to $NEWGID"
echo "======================="
echo "# made $(date -R)"> $WRKFILE
echo "# Changing $OLDGID to $NEWGID">> $WRKFILE
echo "# Group: $GIDN">> $WRKFILE
echo >> $WRKFILE
echo "Update /etc/group"
echo "# update /etc/group file">> $WRKFILE
echo 'perl -i.bak-'$GIDN'-'$OLDGID'-'$NEWGID' -pe "s/^'$GIDN':([^:]*):'$OLDGID':/'$GIDN':\\1:'$NEWGID':/" /etc/group' >> $WRKFILE
echo >> $WRKFILE
echo "Update /etc/passwd"
echo "# update /etc/passwd file">> $WRKFILE
echo 'perl -i.bak-'$GIDN'-'$OLDGID'-'$NEWGID' -pe "s/^([^:]*):([^:]*):([^:]*):'$OLDGID':/\\1:\\2:\\3:'$NEWGID':/" /etc/passwd' >> $WRKFILE
echo >> $WRKFILE
echo "Finding Files to change"
echo "# files that need to change owner">> $WRKFILE
echo "# ignores /exports & /home">> $WRKFILE
find / \( -type d -iregex "^\(/home\|/exports\|/proc\)" -prune \) -o \( -gid $OLDGID -printf "chgrp $NEWGID %p\n" \) >> $WRKFILE
echo >> $WRKFILE
echo "finished with $WRKFILE"
i usually run it like ./changeGID.sh 101 102 > /tmp/doit.sh
then check doit.sh and then run it sh /tmp/doit.sh
here is the uid one
#!/bin/dash
if test -z "$1" || test -z "$2"
then
echo "usage:"
echo "\tchangeUID.sh oldUserId newUserId"
exit 1
fi
OLDUID="$1"
NEWUID="$2"
WRKFILE=${WRKFILE:-'/tmp/wrkfile'}
UIDN="$(cut -d : -f -3 /etc/passwd | grep -e ":${OLDUID}\$" | cut -d : -f -1)"
if test -z "$UIDN"
then
echo "Unable to find userid for $OLDUID"
exit 1
fi
echo "Workfile is at $WRKFILE"
echo "======================="
echo "About to change uid $OLDUID to $NEWUID"
echo "======================="
echo "# made $(date -R)"> $WRKFILE
echo "# Changing $OLDUID to $NEWUID">> $WRKFILE
echo "# User: $UIDN">> $WRKFILE
echo >> $WRKFILE
echo "Update /etc/passwd"
echo "# update /etc/passwd file">> $WRKFILE
echo 'perl -i.bak-'$UIDN'-'$OLDUID'-'$NEWUID' -pe "s/^'$UIDN':([^:]*):'$OLDUID':/'$UIDN':\\1:'$NEWUID':/" /etc/passwd' >> $WRKFILE
echo >> $WRKFILE
echo "Finding Files to change"
echo "# files that need to change owner">> $WRKFILE
echo "# ignores /exports & /home">> $WRKFILE
find / \( -type d -iregex "^\(/home\|/exports\|/proc\)" -prune \) -o \( -uid $OLDUID -printf "chown $NEWUID %p\n" \) >> $WRKFILE
echo >> $WRKFILE
echo "finished with $WRKFILE"
similar principle
Alex
>
> rday
--
Linux, the way to get rid of boot viruses
-- MaDsen Wikholm, mwikholm@at8.abo.fi
Attachment:
signature.asc
Description: Digital signature