In /etc/group there is a group users with numerical group ID 100. When I install RHEL 7,8, or 9 it **does not** allow me to create the initial user with a primary group ID of 100. The GUI always snaps back to 1000 which creates a new group having the username as a new group name. I do not like that. Why does the RHEL installer (and presumably any other currently), not allow you to set that user's primary GID at install time to gid=100? I have the assumption it is ok to have some ~50+ local users on the system defined in /etc/passwd all having a gid of 100 users. Is there any downside to this? What is the convention and history of gid 100 *users* ? Does users having a low gid (100) versus 1000 and above pose any kind of problem?

I have a piece of equipment running a yocto build. This build includes services like ssh-server, mysql, and ntp, with each run as their own users. mysql is UID 999, sshd is UID 998, etc. In my latest yocto build, a new user called messagebus was added with UID 999. So now mysql is 998, and sshd is 997. This will break my system if I upgrade to it, because there is a variable partition with things like database files, which mysql needs access to, and are owned by UID 999. How can I tell yocto which UIDs and GIDs I want to use for those services? I'm finding a lot of information on how to do it for new recipes that I create, but not how to do it for existing recipes. I tried turning on

= "useradd-staticids"

in my local.conf, but that didn't do anything. It seems those recipes don't have the needed passwd and group files because when I also turned on

= "error"

, I was getting errors for those services. I tried to create a recipe for mariadb that just did

:prepend := "${THISDIR}/files:"

and then I had files passwd and group that had

:x:999:999::/var/mysql:/bin/false

and

:x:999:

respectively. I compiled this, and it built, but the rootfs

/etc/passwd

file still had 998 as the UID. Any ideas? Ideally I'd like to manage all this with just one file, but I'll have separate bbappends for each recipe if I have to do it that way.

I am currently rebuilding a Linux system, migrating to a new distribution (Ubuntu 24.04). I have one disk which holds several terabytes of user data, which I want to keep. The disk holds a btrfs filesystem with read-only snapshots, which limits my options when it comes to adapting the disk contents (I can’t easily change the read-only snapshots). Now the new Linux distribution, by default, comes with some groups which have IDs starting at 1000 and which have permissions on the system. These, however, are identical with group IDs I used in my old installation and which have permissions on the btrfs filesystem. Due to the read-only snapshots, I can‘t easily update group IDs on the user data. I’ve been pointed to ID-mapped mounts, but no useful instructions on how to use them. Can I map the filesystem in such a way that filesystem gid 1000 corresponds to, say, system gid 1024? How would I enter that in /etc/fstab so the filesystem is mounted on boot?

The [ArchWiki - rsnapshot page](https://wiki.archlinux.org/title/rsnapshot) mentions creating multiple users with uid and gid set to 0 as a means of creating users that login remotely to perform backups. >One thing you can do to mitigate the potential damage from a backup server breach is to create alternate users on the client machines with **uid** and **gid** set to 0, but with a more restrictive shell such as scponly. I assume that the purpose is to give those accounts the read-write-execute permissions of the root user with the proviso their login shell gives them reduced rights. Does that mean that even if accounts have the same gid and uid they are still distinguished by account name and having the same gid and uid gives them same access rights that ?

I have a friend who works at a business where the IT guy has passed away and I am trying to help them until they can hire someone else. It is a workgroup networked with a Linux server. They recently hired a new employee who is needing access to their file share. I have never used Linux but tried to create a user but he can not access the file share. When he tried to access the server \\server1 he of course can not connect to it. Here is where I'm at so far. I created a user on their server name chris and added him to what I believe are the groups. The user cary is set up correctly and can access the file share so I am trying to copy his access. The following is the id chris and id cary and what I think may be the issue. uid=1010(cary) gid=100(users) groups=100(users),101(cad),1005(samba) uid=1035(chris) gid=1035(chris) groups=1035(chris),100(users),101(cad),1005(samba) I see chris has the first gid of 1035 so I'm assuming it needs to be changed to 100. He then has groups=1035(chris) that shouldn't be there at all? Any help would be appreciated! Thanks!

In Root Explorer I have the option 9997-everybody and 9999-nobody. If I change the owner of any file to everybody:everybody, will it be fully editable by all users? This user does not exist on the Ubuntu/Linux system, does its existence have any meaning?

Which command (available in distro repositories) should I use start a shell with specified numeric uid, gid and groups? Typically su is used to change from root to other user, but it tries to look up groups by names, which may not exist when external filesystems, namespaces and Docker containers are in use. I expect it to be a simple app that just does setgroups(2), setgid(2), setuid(2) and execve(2), without any /etc/passwd or nsswitch. It is easy to implement such a program in C, but maybe something standard and distro-available is used for this use case?

I am tasked with reassigning a static group id (gid) to an existing group name that exists on multiple Linux servers. E.g. the group name foo currently exists on multiple servers, but with different gids:

$ ssh server-1
$ getent group foo
foo:x:998:user1,user2

$ ssh server-2
$ getent group foo
foo:x:999:user2,user3

...given the above, my task would be to assign a new, unique gid to the group name foo on server-1 and server-2. I've found the following articles that describe changing an existing GID: 1. https://www.thegeekdiary.com/how-to-correctly-change-the-uid-and-gid-of-a-user-group-in-linux/ 2. https://unix.stackexchange.com/questions/33844/change-gid-of-a-specific-group **Question: how can I determine a "safe" number to use as the new gid?** E.g. what is a clean/efficient/correct way to determine that the new gid I choose isn't already used on any of the PCs where this change needs to be applied? Please also advise if there are other factors/considerations on picking a good/available/safe gid.

At some point where I wanted to do sudo usermod -v 1000-1000 USER sudo usermod -w 1000-1000 USER I accidentally applied both these commands to root. According to the documentation I can undo these commands by using the same options in capitals, but when I try usermod -V 1000-1000 root then I get the message: usermod: user root is currently used by process 1. Is there another way to (un)do this?

If group and user's settings are - group name: group1 - gid: 2000 - user name: user1 - uid: 2000 Some directory's permission is - Directory: /application - Owner: user1 - Group: group1 When change the gid and uid to 2001, is there any permission issue for the directory?

The file made after running Alphafold2 database is saved with root authority. As a normal user without sudo authority, how can I switch a made file from root to my own? and what if I have root access? *I know my GID.

I've this weird problem which I can't find an answer. Recently I restored a linux machine (RHEL 7.3) from the OS tar archives. Steps taken are as below: - Create OS related filesystems tar archives, store in NFS - Create a new VM, start with Cent OS DVD - Partition disk and create filesystems accordingly - Mount NFS, untar the relevant filesystems - Make the disk bootable - Boot up the new VM with the restored OS - Take care of minor problems such as NIC, etc - IP was not changed as this VM sits in an isolated network Up until this point all services started without much problem. However when I tried to ssh into this VM it failed with a "Socket error: disconnected" I went into the VM via console, run "systemctl status sshd" I was surprised to see although the sshd service was started, there're errors complaining on the key files permission.

Permissions 0640 for 'ssh_host_ecdsa_key' are too open. 
It is required that your private key files are NOT accessible by others. 
This private key will be ignored
bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key

...
...

I checked the owner and permission of the files in /etc/ssh directory, to my surprise the group of the key files is different from the source machine. On the restored VM, (hostname edited)

[root@restored ssh]# ls -al
total 292
drwxr-xr-x.   2 root root        225 Dec 16  2017 .
drwxr-xr-x. 170 root root      12288 Dec 13 09:50 ..
-rw-r--r--.   1 root root     242153 Sep  7  2016 moduli
-rw-r--r--.   1 root root       2208 Sep  7  2016 ssh_config
-rw-------.   1 root root       4361 Sep  7  2016 sshd_config
-rw-r-----.   1 root input       227 Dec 16  2017 ssh_host_ecdsa_key
-rw-r--r--.   1 root root        162 Dec 16  2017 ssh_host_ecdsa_key.pub
-rw-r-----.   1 root input       387 Dec 16  2017 ssh_host_ed25519_key
-rw-r--r--.   1 root root         82 Dec 16  2017 ssh_host_ed25519_key.pub
-rw-r-----.   1 root input      1675 Dec 16  2017 ssh_host_rsa_key
-rw-r--r--.   1 root root        382 Dec 16  2017 ssh_host_rsa_key.pub

On the original machine (hostname edited)

[root@original ssh]# ls -al
total 292
drwxr-xr-x.   2 root root        225 Dec 16  2017 .
drwxr-xr-x. 170 root root      12288 Dec 13 09:50 ..
-rw-r--r--.   1 root root     242153 Sep  7  2016 moduli
-rw-r--r--.   1 root root       2208 Sep  7  2016 ssh_config
-rw-------.   1 root root       4361 Sep  7  2016 sshd_config
-rw-r-----.   1 root ssh_keys    227 Dec 16  2017 ssh_host_ecdsa_key
-rw-r--r--.   1 root root        162 Dec 16  2017 ssh_host_ecdsa_key.pub
-rw-r-----.   1 root ssh_keys    387 Dec 16  2017 ssh_host_ed25519_key
-rw-r--r--.   1 root root         82 Dec 16  2017 ssh_host_ed25519_key.pub
-rw-r-----.   1 root ssh_keys   1675 Dec 16  2017 ssh_host_rsa_key
-rw-r--r--.   1 root root        382 Dec 16  2017 ssh_host_rsa_key.pub

On both machines /etc/group has the below.

[root@original ssh]# grep ssh_keys /etc/group
ssh_keys:x:999:
[root@original ssh]# grep input /etc/group
input:x:997:

I changed the group for the key files and restarted sshd and the problem was solved. However this made me feel uncomfortable with the entire restoration process. These are my questions - Why would a seemingly simple tar/untar process alter the GID of files? - If so, how can we know what and how many files are altered? Many thanks for all your valuable answers. Thanks, bongsf

I have Manjaro linux on desktop and laptop. Both have the same username with UID=1000, but GID differs. GID=1000 on desktop and 1001 on laptop. Most of files are same on both machines. Sometimes I work on one, other times on another machine. I sync the files with rsync. The problem is that following rsync command copies even those files which exist on destination, just because GIDs differ:

-vazu user@desktop:~/Documents/* ./

I want to update newer files (the ones which have been modified) but not to copy the files with same modification date (i.e. unchanged files) and different GID. What is the rsync option to achieve this?

Currently, our organization has a working OpenLDAP server that we use to login to our Linux environments. However, due to the increase in Windows devices, the higher-ups have decided to migrate to an AD-focused environment. We are currently trying to set it up and running into issues with GIDs and UIDs. We do not want our users to lose access to their files and would prefer to touch the linux servers as little as possible. I have connected test servers to AD successfully via Centrify Express, but I can't seem to find a way to sync the LDAP UIDs and GIDs. Are there any options short of migrating every file for every user to the new UID? This would only matter for existing users as new users could just be created in AD.

I'm trying to set up a NFS Server on Windows to map a folder of a Unix system connected to the same network. The second step in the tutorial How to set up a free NFS server on Windows 10 (sections 4 and 5) says to edit a registry by adding the UID and GID of the Unix directory, but that system is not accessible by me to get their IDs. Is there another way to finish the map the directory so I can place a file in it from Windows (maybe some wildcard values for the registers)?

If I have a script that uses buildah mount. I use the same way the docs specify, mnt=$(buildah mount $ctr) If I invoke my script sh ./build.sh, I get > cannot mount using driver overlay in rootless mode. You need to run it in a buildah unshare session The problem is that the script doesn't terminate in the event of failure here. I can check it out by testing for if [-z $mnt]; then echo "Run with buildah-unshare; exit; fi, but this is not ideal because then I still have the prior buildah from that I'm doing for nothing. If you're trying to support rootless buildah, is there a way to ensure that you're running the buildah under buildah unshare?

I have a file owned by a different user with permissions 440. When I do ‘groups’ I don’t belong to the group of the file, but when I do ‘groups my_username’ I do. Why am I able to open the file if my current shell does not have access to the group?

I was going to mount a windows share via mount.cifs and using dir_mode. > mount -t cifs //server/share /mnt/ -o > user=username,dom=domain,dir_mode=0755,uid=510,**gid=610** This means only members of group id 610 will have access to it. But how can I add more groups? In general I am asking myself how to set more groups to files in linux? For example: > drwxrwxr-x 3 Adrian HomeGroup1 Foldername In this case only HomeGroup1 has rwx permissions. How to add more groups?

Is it possible - for a privileged process - to change the GID of another process. I know that there is the setgroups() system call that allows a process to change it's own GID. However, I want to do this from 'outside' the process (and after the PAM stack was processed). I already saw this post, but there was no real answer to the problem. Are there any reasons for not changing the GID after PAM traversal other than there might be problems with opened resources like file descriptors? I understand that opened files would still use the old GID after the change.

I have some file image of filesystem, and I want mount it with parameter changing files and directories UID and GID. I cannot change its parameters, because it is read-only filesystem. I found some idea, using some overlayfs and by find command walk through all files on mount points and rewrite attributes. But it needs some additional filesystem. I don't want use this method. I don't need write anything to this filesystem. Then is there some idea to change UID/GID on the fly by mount options? Is there some cover like filesystem to use on this situation?