0

I am tasked with reassigning a static group id (gid) to an existing group name that exists on multiple Linux servers.

E.g. the group name foo currently exists on multiple servers, but with different gids:

$ ssh server-1
$ getent group foo
foo:x:998:user1,user2
$ ssh server-2
$ getent group foo
foo:x:999:user2,user3

...given the above, my task would be to assign a new, unique gid to the group name foo on server-1 and server-2.

I've found the following articles that describe changing an existing GID:

  1. https://www.thegeekdiary.com/how-to-correctly-change-the-uid-and-gid-of-a-user-group-in-linux/
  2. Change gid of a specific group

Question: how can I determine a "safe" number to use as the new gid?

E.g. what is a clean/efficient/correct way to determine that the new gid I choose isn't already used on any of the PCs where this change needs to be applied?
Please also advise if there are other factors/considerations on picking a good/available/safe gid.

StoneThrow
  • 1,717

2 Answers

2

If this is a one-off, I would not spend a lot of time on optimizing the process. First consideration is that I would choose a gid larger than 1000. Look at reserved gids for guidance. Again, as a one-off I would run something like

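# list every affected host here, separated by spaces
for host in server1 server2 serverx
do
    # match 1000 only as the gid (third colon-separated field), not 10001 or a member name
    ssh "$host" "grep -E '^[^:]*:[^:]*:1000:' /etc/group"
done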

If any of the greps return anything, increment the gid and try again. You can loop over ever-increasing gid's and check exit status if you really have a large number of servers or assigned groups to check. Your choice on whether to spend time on optimization or spend time running the loops manually.

doneal24
  • 5,059
2

Here is what is in /etc/login.defs, taken from a RHEL 7.9 system, for your reference:

# Min/max values for automatic uid selection in useradd
#
UID_MIN                   1000
UID_MAX                 600000
# System accounts
SYS_UID_MIN               201
SYS_UID_MAX               999

# Min/max values for automatic gid selection in groupadd
GID_MIN                   1000
GID_MAX                  60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

For groups, the convention, like was mentioned, was typically above 1000. But you or anyone can customize, so it is prudent to reference /etc/login.defs.

Software installs like clamav or intel oneapi will create a system group and start at SYS_GID_MAX and work backward, I believe.

My personal preference, as an admin, is to work with group id's between 1000-2000 for admin related stuff and then above 2000 for other miscellaneous user kinda group stuff.

  • Any really safe gid would be between the GID_MIN and GID_MAX range.

  • And still a relatively safe range is between SYS_GID_MIN and SYS_GID_MAX.

  • Any safe gid is technically a number not already in use above SYS_GID_MIN.

  • You don't want to choose anything below SYS_GID_MIN and definitely not below 100.

ron
  • 6,575
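
The two answers combined, as an added example that is not part of either answer: gather the group database from every host, then take the lowest gid inside the GID_MIN..GID_MAX range from /etc/login.defs that no host uses. The function names and the sample `getent group` output are constructed for illustration; the sketch assumes key-based ssh access to each host.

```shell
#!/bin/sh
# Constructed sample data standing in for `ssh HOST getent group` output.
sample_server1='root:x:0:
foo:x:998:user1,user2
staff:x:1000:user1
devs:x:1001:'
sample_server2='root:x:0:
foo:x:999:user2,user3
ops:x:1000:user3
web:x:1002:'

# read_range FILE: print "GID_MIN GID_MAX" from a login.defs-format file,
# falling back to 1000 and 60000 when a key is absent or commented out.
read_range() {
    awk '$1 == "GID_MIN" { min = $2 }
         $1 == "GID_MAX" { max = $2 }
         END { if (min == "") min = 1000
               if (max == "") max = 60000
               print min, max }' "$1"
}

# first_free_gid MIN MAX: read group(5) lines for ALL hosts on stdin and
# print the lowest gid in [MIN, MAX] that none of them uses.
# Exits 1 when the whole range is taken.
first_free_gid() {
    awk -F: -v min="$1" -v max="$2" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }   # third field is the gid
        END {
            for (g = min + 0; g <= max + 0; g++)
                if (!(g in used)) { print g; exit 0 }
            exit 1
        }'
}

# collect_groups HOST...: print the group entries of every host. Stops at
# the first unreachable host, so a host that could not be checked is never
# mistaken for a host with no conflicting gid.
collect_groups() {
    for host in "$@"; do
        ssh -o BatchMode=yes "$host" getent group || return 1
    done
}

# Offline demonstration on the constructed data: gid 1000 is taken on both
# hosts, 1001 only on the first and 1002 only on the second.
demo() {
    printf '%s\n%s\n' "$sample_server1" "$sample_server2" | first_free_gid 1000 60000
}
```

Against real hosts, write the collected entries to a file first so a failed host stops the run: `collect_groups server-1 server-2 > groups.all && first_free_gid $(read_range /etc/login.defs) < groups.all`.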