How to change UID and GID of the local user in Linux? 3 Easy Steps

 How to change the UID and GID of the local user?

Have you ever faced the issue of a service not starting or a permission error? You need to check if it correct UID and GID assigned or not. If not then in this article you will learn how to change UID and GID or local users and service accounts.
How to change UID and GID in Linux
 

Environment

  • RHEL 6
  • RHEL 7
  • RHEL 8
  • CentOS 7
  • Rocky Linux 8

Issue

  • UID and GID of the local required to change

Related post: How to Disable Firewall in Linux 

Resolution

The task of changing UID and GID of the local user is not quite simple and caution must be taken doing this. UID and GID of the local user explinux will be modified from 503 to 505 in the below example.

Check Running Process

Check for any processes running in the system as this user and stop them. Changing the local user UID and GID to a new one while there are processes running in the system using old UID is dangerous and can lead to data loss. Note, that ps will print UID instead of the user name if the user name is too long, so search for both UID and the user name in the process list:

# ps -ef | grep explinux
# ps -ef | grep 503

If you find any running process kill it by kill -9 pid command

Modify UID and GID

Step 1

Backup is necessary  for /etc/passwd and /etc/group files before doing the steps below:

# cp -p /etc/passwd /etc/passwd.orig
# cp -p /etc/group /etc/group.orig

Currently, the user explinux has the UID and GID of 503 as shown below:

# id explinux
uid=503(explinux) gid=503(explinux) groups=503(explinux)

Step 2

First, we modify the GID of the user’s group to 505, as shown below:

# groupmod -g 505 explinux

Step 3

Next, modify the UID and GID value of the user explinux to 505, as shown below:

# usermod -u 505 -g 505 explinux

Alternate Method

The same can be done by direct editing /etc/passwd and /etc/group files.

Before:

[/etc/group]
explinux:x:503:

[/etc/passwd]
explinux:x:503:503:...(omit)...

After:

[/etc/group]
explinux:x:505:

[/etc/passwd]
explinux:x:505:505:...(omit)...

Now verify whether UID and GID were indeed changed, as shown below:

# id explinux
uid=505(explinux) gid=505(explinux) groups=505(explinux)

Effect of change UID and GID

If in your system or server, any other existing user is a member of the group previously having GID of 503, it will not be in this group anymore, because the GID of the group has been changed to 505. So change the GIDs of all the user which are having GID of 503 to 505 or any other existing group as per your requirements.

Change Files Ownership To user UID and GID

Owner UID and GID of the files and directories also will not change automatically. All the files and directories with a previous owner UID and GID should have changed them. The only way to do it reliably is by scanning through the filesystem beginning with the root (/) and changing UID or GID.

The chown command resets SETUID and SETGID bits, and you have to remember which ones by finding all such files first and setting it back after you do the chown command by the below command:

# find / -uid 503 -perm /6000 -ls
# find / -gid 503 -perm /6000 -ls

After saving the list of files with SETUID and SETGID bits, you may actually change files UID and GID by the below command :

# find / -uid 503 -exec chown -v -h 505 '{}' ;
# find / -gid 503 -exec chgrp -v 505 '{}' ;

Custom Settings

If you are running the default Linux program you are done with the above setting nut if you have configured any third-party application. Now we need to change the configuration file or setting where the affected user UID is used instead of the user name should be changed to reflect a new UID value of the user. For this locate such configuration files or settings according to the software installed and change the UID of the affected user to a new one, 503 to 505 in this example case. For Example you have added user details in any third-party software to access or run a program then you need to add them again.

Now at this point, you have learned how to correctly change UID and GID or any user or service account.

Leave a Comment

Your email address will not be published. Required fields are marked *