![[LWN Logo]](/images/lwn.banner.gif)
To: RedHat Development Mailing List <redhat-devel-list@redhat.com>
Subject: MASSIVE headaches with new >100 GIDs in RH6.0
Date: Thu, 19 Aug 1999 17:49:28 +1000
From: Tony Nugent <Tony.Nugent@usq.edu.au>
I *really* need an answer to this from someone at RedHat.
RH6.0 introduces a new set of GIDs in /etc/group which includes 101
(console) and 102 (utmp).
Not to mention other weirdness such as "user" xfs (group "xfs") which
has been given the honour of uid.gid = 100.233 (huh???)
This seeming simple issue has now hit us here in the face pretty hard,
and we are facing some BIG logistical problems as a result. We are
not at all impressed. (In fact, I've mentioned this before in a
previous message to this list).
The problem is that we have, for a _long_ time, been using GID 101 =
"staff" and 102 = "students" (103 = "postgrad" etc). This is on
_dozens_ (hundreds?) of unix client boxes, and more than a dozen
heavily used unix servers. We have a mixed environment here - sun,
hp, solaris, linux (mostly intel, a few alpha and sparc), alpha
(dec/tru64), etc. (And hundreds of windows boxes of course, but this
issue is of little concern here with samba - thank goodness! :)
The problem is that the server boxes are doing some heavy-duty
NIS'ing, SAMBA file serving and NFS exporting of home and other
"teaching subject related" directories (eg, from our linux web
server). If the GIDs and UIDs don't match at each end, then you get
permission denied for any writes. OUCH! Especially for home
directories.
There are several solutions to this problem...
1 - change the GIDs (and some UIDs) on *every* new RH6.0 installation or
upgrade. (Messy and very inconvenient).
2 - make the server boxes export specific directories with specific
ownerships. (Tricky at best, especially on some of the non-linux
boxes. I assume that the ugidd daemon is now "defunct", but we
don't want to start running that anyway).
3 - change all the user account GIDs on all our boxes here to get them
out of the 100-199 range. (Ugly and painful... eg, ever tried
doing this for several hundred users with NIS+ over several
domains on sparc server boxes running solaris? It's not much
fun).
Our inclination is to go with option 3 - change all the user GID
numbers everywhere, once and for all.
However, before we do this, we NEED to know:
- will RH6.1 change all the system-used GIDs to a range _below_ 100?
If so, what will these changes be?
IMHO, this is the BEST solution. (Hrrmph - it shouldh't have
happened in the first place, see below). If this back-peddle is in
the wind, then it's only RH6.0 installs that we will need to worry
about.
- what GID and UID range will redhat PROMISE not to "invade" and cause
hassles in the future? (The xfs values that are used make me
"nervous"...)
For example, if we change all the 101's to, say, 111 or 201, what is
the guarantee that sometime in the future these numbers won't be
used so we have to go through this pain again?
- if we go with option 1, it will mean doing something like this after
*each* install that we do here:
find / -gid 101 -exec chgrp 201 {} \;
perl -spi -e 's,:101:,:201:,' /etc/group
(similar thing to /etc/passwd)
Question is... will doing this break anything? For example, are
these GIDs hard-coded into any important system utilities? (They
shouldn't be - that would be a very bad thing indeed - but I have to
ask this anyway).
Why the decision was taken to use GID's (and some UIDs) above 100 for
system-related "users" is beyond me - a very bad and short-sighted
decision, with no real consideration of the consequences of doing
this. Especially when there are dozens of GID numbers available below
100. (So RedHat -- consider yourselves very severely chastised :)
The essence of upgrading should be - in most cases - to embrace the
"principle of least suprise". (Exceptions to the rule, of course...
nice suprises are always welcome:)
Don't get me wrong - I really like redhat distributions, but doing
fundamental things like this without much consideration of the
implications for everyone else leaves a very bad taste in my mouth.
One last point... I have never seen a CHANGES file that lists the
changes between redhat distributions. If one exists, can someone tell
me the URL? If no such documentation exists, then it should.
I earnestly await a reply (privately or publically) from one of the
good folks from RedHat to let me know of the best path to take to
solve this problem we have here. Hopefully this suprise - or anything
similar - will never happen again.
Thanks.
Cheers
Tony
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <Tony.Nugent@usq.edu.au> <linux@usq.edu.au>
Computer Systems Officer Faculty of Science
University of Southern Queensland, Toowoomba Oueensland Australia
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
--
To unsubscribe:
mail -s unsubscribe redhat-devel-list-request@redhat.com < /dev/null