On 4/17/2013 12:48 AM, Bernhard Voelker wrote:
> On 04/17/2013 09:12 AM, Marc Chamberlin wrote:
>> In my effort to upgrade our servers to openSuSE12.3, I have yet again encountered a problem that required a lot of time to debug and track down. This has plagued me and frosted my tootsies before... I often copy data (whole directory trees) that is required for various servers from an older OS into the realm of the new OS that I am upgrading to. For example, the MySQL databases, the Apache and Tomcat web site data, James mail data, etc. In the process user and group ID's from the old version of files can "change" because the underlying integer value - UID/GID - for these IDs is different for the two different OS versions. This in turn can lead to hard to debug security problems.
>
> Yes, you should try to avoid UID/GID changes.
>
>> It seems to me that when installing a new version of openSuSE, there ought to be a way to import the /etc/passwd and /etc/group files from an older OS into the new OS BEFORE anything gets actually installed. In that way, the underlying integer UID/GID could be kept consistent and not lead to problems that can/will result if/when a particular user/group identifier changes in value. If there is a way to do this, I was unable to find it in the documentation or via Google, so pointers will be much appreciated.
>>
>> Or perhaps, is there a tool that can merge and update a system, and all its files, from one set of /etc/passwd and /etc/group files into another set? Again, I am not able to find a tool that does it.... I know that I can use YaST to change the UID/GID for each user or group ID individually, and it seems to work OK, but gets tedious. Hoping there a better way?
>
> useradd/groupadd have options to create the account with a specified uid and gid, instead of the default (just taking the next free one).
>
> If you know /etc/{passwd,shadow,group,gshadow} well enough - btw, there are manpages for that ;-) -, i.e., if you know what you're doing, then you could just copy the relevant lines from the old system to the new one. Clashing numbers/names have to be avoided, of course.
>
> Have a nice day,
> Berny

Thanks Berny for taking the time to reply, and yes how I KNOW that UID/GID changes can be a problem! ;-) I don't know about a file called gshadow, nor do I have any man pages on it, but I am aware of the other relevant files - passwd, shadow, and group and have studied the man pages for each. The approach you suggested, to change the actual entries in the passwd and group files to reflect the UID/GID that I would want for each ID will not work, if it is done after the fact that files and directories have already been created and installed. And I don't know of a tool that will use these sort of edits/changes and update all the files and directory properties, throughout the entire file system, to reflect the changes made to the UID/GID within the passwd and group files. As I mentioned YaST does do it, but as far as I know, only on an individual per ID basis, not wholesale, which makes it tedious to use.

Thanks for the nice day wish, it IS a nice day today here in Washougal, Washington! You too!

Marc..

--
"The Truth is out there" - Spooky
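One way to do the wholesale ownership update asked about in this thread, as an added example that is not from either poster or from openSUSE: it maps old to new numeric IDs by account name from two sets of passwd/group files and walks the copied tree once. The script name, argument order and `--apply` switch are assumptions made for the example; without `--apply` it only reports what it would change.

```python
#!/usr/bin/env python3
"""Remap file ownership after UID/GID numbers changed between two systems."""
import os
import sys

def load_ids(path):
    """Parse a passwd(5) or group(5) file into {name: numeric id} (third field)."""
    ids = {}
    with open(path) as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if len(fields) > 2 and fields[2].isdigit():  # skips NIS '+' and broken lines
                ids[fields[0]] = int(fields[2])
    return ids

def build_map(old_file, new_file):
    """Map old numeric id -> new numeric id for names whose number changed."""
    old, new = load_ids(old_file), load_ids(new_file)
    return {old[n]: new[n] for n in old if n in new and old[n] != new[n]}

def remap_tree(root, uid_map, gid_map, apply=False):
    """Walk root once; return [(path, old_uid, old_gid, new_uid, new_gid)].

    Each file is judged by the owner it had before the run, so chained
    mappings (1000->1001 and 1001->1002) are never applied twice to one file,
    which repeated 'find -uid N -exec chown' passes would do.
    """
    changes = []
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not entered
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames + links]:
            st = os.lstat(path)
            uid = uid_map.get(st.st_uid, st.st_uid)
            gid = gid_map.get(st.st_gid, st.st_gid)
            if (uid, gid) != (st.st_uid, st.st_gid):
                changes.append((path, st.st_uid, st.st_gid, uid, gid))
                if apply:
                    os.lchown(path, uid, gid)  # changes a link itself, never its target
    return changes

if __name__ == "__main__":
    if len(sys.argv) < 6:
        print("usage: remap.py OLD_PASSWD NEW_PASSWD OLD_GROUP NEW_GROUP TREE [--apply]")
    else:
        old_pw, new_pw, old_gr, new_gr, tree = sys.argv[1:6]
        for change in remap_tree(tree, build_map(old_pw, new_pw),
                                 build_map(old_gr, new_gr), "--apply" in sys.argv[6:]):
            print("%s: %d:%d -> %d:%d" % change)
```

Run it against the copied data directory only, review the dry-run output, and rerun with `--apply` as root; IDs whose names are missing from the new files are left untouched and show up as unmapped numeric owners in `ls -ln`.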