Hello everyone -
Update: Many thanks to Matt Miller for the tip on usermod options. That worked very well! I did not know those options existed and would never have thought to look for them.
After making and testing backups, I started with my main workstation. Rebooted in runmode=3, then ran the usermod -u and -g options. I did this in two runs. I first had to uninstall docker since it had taken over GID=1000. No big deal, I am not using it. After the usermod programs ran, I then did a "find -uid=500" with an exec option to change ownership. Repeat for changing GID. It found a few dozen files that were not in my home directory.
Rebooted main workstation. Everything came back up, no errors. So far after about a day of use it is working just fine.
On the server I ran the two "find" commands against the entire file system. It took about half an hour to run. No surprise there as it was finding and changing several hundred thousand files. I ran the uid change in one terminal and the gid change in another. Between the two of them they consumed about 90% on both processor cores.
I did not reboot the server since I made no changes to the user account on it.
Testing from several workstation - everything gets the permissions I expect. A few odd things that used to get blocked are now working. WooHoo!
With all that done I made a fresh complete backup of the server. That backup should have all the new uid and gid associations in it.
Next step is to revert to more sensible permissions. No more 777 and 666. That will take a while. It's not critical, so I will do it in spare (!) time.
Thanks!
--
Bill Gee
On Thursday, February 14, 2019 11:45:33 AM CST Matthew Miller wrote:
> On Thu, Feb 14, 2019 at 11:04:11AM -0600, Bill Gee wrote:
> > I think I can do this in two steps.
> > 0) backup, backup, backup!
>
> This is already running and you've tested the restore process, right?
>
> > 1) On the server - use "find" to find all files owned by UID=500. Chown
> > them to UID=1000. Repeat for gid=500.
>
> Yes.
>
> > 2) Tricky - On the workstation, boot to non-gui. Login as root. Repeat the
> > same two "find" commands as on the server. Edit the /etc/passwd and
> > /etc/group files to show the new UID and GID numbers.
>
> Yes. Although order does not matter -- personally I'd make the account
> change first.
>
> Also, you can use `usermod -u` and `usermod -g` (possibly both at once) and
> this will correctly change ownership of all files in the home directory
> (but not outside of that).
>
> > What does this do to the shadow files? Are there other places I need to
> > look for the UID and GID numbers?
>
> shadow (and gshadow) are name based, so shouldn't be a problem. You may need
> to change some spool files in /var in addition to in /home.
>
> Nothing else *should* be using the numeric values. (Possibly some tar
> files?)
>
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
