[tech] Group/GID changes

David Adam zanchey at ucc.gu.uwa.edu.au
Sun Nov 9 00:14:25 AWST 2014


With the move to Molmol, one of the longstanding warts of our current 
authentication setup reared its head again: the conflict between system 
and LDAP user & group numeric identifiers (UIDs and GIDs).

Basically, most systems (including Debian) expect that there are some GIDs 
which are used for one purpose, and we use them for another. For example, 
'gumby' (our general user group) is GID 21, which Debian expects to 
actually be 'fax'. Mostly we have been hacking around this and hoping.

---

I've made the following changes:

committee group moved from GID 69 to 10069, all files in /home, /away and 
/services chgrped to the new ID.

phpbb group moved from GID 22 to GID 11902 (same as the UID phpbb) and all 
files in /services/phpbb chgrped to the new ID. (Incidentally, the forum 
was broken already.)

flame user moved from UID 26 to 10026 - files in mooneye:/usr/flame and 
/services chowned.

Removed xyzzy user (UID 66) - the files in [BBB]'s home directory were 
chowned back to him.

Removed lists user (UID 67) - spam only in /home/mail/lists, no other 
files.

mailman user and group moved from UID/GID 68 to 10068, and all files in 
/home/other/mailman and mooneye:/usr/local/mailman chowned to the new 
users, and `check_perms -f` run.

oracle group moved from GID 88 to GID 10088, and all files in 
/home/other/oracle chgrped to the new ID. (Oracle was the UCC Knowledge 
Base. Amazing.)

Removed coke (GID 28) - members were john, mtearle, andrew, gozzarda, 
matches and coke. All files (mostly belonging to [TPG]) chgrped to wheel. 
The user accounts `coke` and `netincome` (both UID 28) were set to GID 70 
(other).

Removed coke-old (GID 26), teambeer (GID 12345) and noaccess (GID 60002) - 
no group members and no files in these groups.

Removed mp3pp (GID 66) - no group members and no files with that group 
ownership. I note /services/mp3pp still exists, does anyone know what it 
is?

Removed irc (GID 6667) - no files in this group, only members were rod 
(account has been removed) and [TRS] (who can undo the damage if he needs 
to). I also archived a bunch of old IRC servers in /services/ (irc, 
irc-new and irc-ipv6).

Removed usrlcsrc (GID 43) - all the files in this group actually belong to 
the group 'wtmp' (also GID 43). This group has been at UCC since at least 
2002[1] and it doesn't seem to do anything any more.

Removed adduser (GID 123457) - an old version of ucc-adduser belonged to 
this group, but it had no members and was not SGID. I chgrped it to wheel 
and removed the group.

Removed angband (GID 44) - no files, and the only members were [TRS] and 
[MST].

---

Notably, I am yet to fix the mess with the following groups:

gumby:x:21
www-data:x:101
other:x:70

Anyone who wants to give it a shot is most welcome.

David Adam
zanchey at ucc.gu.uwa.edu.au

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=130558
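Added example, not part of the original post and not UCC's own tooling: a small audit of the conflict described above, flagging directory (LDAP) groups whose GID collides with a differently named local group or falls in the ranges Debian Policy reserves (0-99 allocated by Debian, 100-999 dynamically allocated system IDs). The function names and both sample inputs are constructed for illustration; only the gumby/www-data/other/committee GIDs and fax = 21 come from the post.

```python
# Added example: audit directory (LDAP) groups against local system GIDs.
DEBIAN_STATIC_MAX = 99    # Debian Policy: GIDs 0-99 are allocated by Debian
DEBIAN_SYSTEM_MAX = 999   # Debian Policy: 100-999 are dynamic system GIDs

# Constructed sample of a directory export in group(5) format.
LDAP_SAMPLE = """
gumby:x:21
www-data:x:101
other:x:70
committee:x:10069
"""

# Constructed sample of a local /etc/group (fax = 21 as stated in the post).
LOCAL_SAMPLE = """
root:x:0:
fax:x:21:
"""

def parse_group(text):
    """Parse group(5) lines 'name:passwd:gid[:members]' into {name: gid}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        groups[fields[0]] = int(fields[2])
    return groups

def audit(directory, local):
    """Return sorted (gid, directory_group, finding) tuples for risky GIDs."""
    local_by_gid = {}
    for name, gid in local.items():
        local_by_gid.setdefault(gid, set()).add(name)
    findings = []
    for name, gid in directory.items():
        # A different local name on the same GID means files are shared by accident.
        others = local_by_gid.get(gid, set()) - {name}
        if others:
            findings.append((gid, name, "collides with local " + ",".join(sorted(others))))
        elif gid <= DEBIAN_STATIC_MAX:
            findings.append((gid, name, "in Debian static range 0-99"))
        elif gid <= DEBIAN_SYSTEM_MAX:
            findings.append((gid, name, "in dynamic system range 100-999"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_group(LDAP_SAMPLE), parse_group(LOCAL_SAMPLE)):
        print(*finding, sep="\t")
```

On a real host the two inputs would be the directory's group export and the machine's own /etc/group; a group moved above 10000, like committee, produces no finding.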