How to change UID and GID of the local user in Linux?

Have you ever faced a service that will not start, or a permission error? One thing to check is whether the correct UID and GID are assigned. If they are not, this article shows how to change the UID and GID of local users and service accounts.

Environment

  • RHEL 6
  • RHEL 7
  • RHEL 8

Issue

  • The UID and GID of a local user need to be changed

Resolution

Changing the UID and GID of a local user is not entirely simple, and it must be done with caution. In the example below, the UID and GID of the local user explinux are changed from 503 to 505.

1) Check for any processes running on the system as this user and stop them. Changing a local user's UID and GID while processes are still running under the old UID is dangerous and can lead to data loss. Note that ps prints the UID instead of the user name if the user name is too long, so search the process list for both the UID and the user name:

# ps -ef | grep explinux
# ps -ef | grep 503

2) Modify the UID and GID.

2.1) Back up the /etc/passwd and /etc/group files before doing the steps below:

# cp -p /etc/passwd /etc/passwd.orig
# cp -p /etc/group /etc/group.orig

2.2) Currently the user explinux has UID and GID of 503 as shown below:

# id explinux
uid=503(explinux) gid=503(explinux) groups=503(explinux)

2.3) First we modify the GID of the user’s group to 505, as shown below:

# groupmod -g 505 explinux

2.4) Next modify the UID and GID value of the user explinux to 505, as shown below:

# usermod -u 505 -g 505 explinux

2.5) The same can be done by directly editing /etc/passwd and /etc/group files.

Before:

[/etc/group]
explinux:x:503:

[/etc/passwd]
explinux:x:503:503:...(omit)...

After:

[/etc/group]
explinux:x:505:

[/etc/passwd]
explinux:x:505:505:...(omit)...

2.6) Now verify whether UID and GID were indeed changed, as shown below:

# id explinux
uid=505(explinux) gid=505(explinux) groups=505(explinux)

3) If any other existing user on your system or server is a member of the group that previously had GID 503, it will not be in this group anymore, because the GID of the group has been changed to 505. So change the GID of every user that has GID 503 to 505, or to any other existing group, as per your requirements.

4) The owner UID and GID of files and directories will also not change automatically. All files and directories that carry the previous owner UID and GID have to be changed. The only way to do this reliably is to scan the whole filesystem, beginning at root (/), and change the UID or GID.

The chown command resets the SETUID and SETGID bits, so you have to record which files have them by finding all such files first, and set the bits back after you run chown. Find them with the commands below:

# find / -uid 503 -perm /6000 -ls
# find / -gid 503 -perm /6000 -ls

After saving the list of files with SETUID and SETGID bits, change the UID and GID of the files with the commands below:

# find / -uid 503 -exec chown -v -h 505 '{}' \;
# find / -gid 503 -exec chgrp -v -h 505 '{}' \;
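
One way to script the "save the list, then set the bits back" part of step 4, as an added example that is not part of the original article. The function names and the list format are assumptions, and it relies on GNU find, xargs and tr as shipped with RHEL:

```shell
#!/bin/sh
# Added example: record SETUID/SETGID modes before the ownership change and
# re-apply them afterwards. Function names and list format are hypothetical.

# save_special_modes ROOT OLD_UID OLD_GID LIST
# Writes one NUL-terminated "octal-mode path" record to LIST for every file or
# directory under ROOT that is owned by OLD_UID or OLD_GID and has a SETUID or
# SETGID bit. NUL termination keeps paths with spaces or newlines intact.
save_special_modes() {
    find "$1" \( -uid "$2" -o -gid "$3" \) -perm /6000 \
         -printf '%m %p\0' > "$4"
}

# restore_special_modes LIST
# Re-applies each recorded mode and prints the number of records in LIST.
# A path that has become a symlink since the list was saved is skipped,
# because chmod would follow the link and change its target instead.
restore_special_modes() {
    xargs -0 -r -n 1 sh -c '
        mode=${1%% *}; path=${1#* }
        [ -L "$path" ] || chmod "$mode" -- "$path"
    ' sh < "$1"
    tr -cd "\000" < "$1" | wc -c | tr -d " "
}

# Order of use with the article's values, run as root
# (/root/special-modes.list is a placeholder path):
#   save_special_modes / 503 503 /root/special-modes.list
#   ... run the chown and chgrp commands from step 4 ...
#   restore_special_modes /root/special-modes.list
```

Review the saved list before restoring, so that SETUID or SETGID is re-applied only to files that are meant to have it.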

5) Finally, any configuration file or setting that refers to the affected user by UID instead of by user name must be changed to reflect the new UID. Locate such configuration files or settings according to the software installed and change the UID of the affected user to the new one, 503 to 505 in this example.

At this point, you have learned how to correctly change the UID and GID of any user or service account.
