Setting UIDs and GIDs for users and groups: is it possible?

NethServer Version: 7.9.2009

Hi,
I would like to migrate the users and groups from an “old” NS to the “new” NS (both 7.9.2009, both ActiveDirectory controller).
I noticed that the web UI doesn’t give the possibility to choose the UIDs and GIDs and that the “new” NS takes other UIDs/GIDs than the “old” one. => I would need to re-adapt the permissions of the files stored on my separate file-server (Ubuntu20, not NS) and make the same for the client machines that are joined to the ActiveDirectory of the NS.
I would like to avoid this stupid tasks!

=> my questions:

  • is there a way to change or set the UIDs/GIDs by creation of afterwards?
  • or is there a way to migrate completely the users and groups with their UIDs/GIDs + passwords from the “old” to the “new” NS? The emails are not needed.

Thanks in advance. Bye.
Arnaud

You could restore a backup from the old server to the new server, see disaster recovery.

“old” NS7 have NethGUI (admin port on 980 port) and “new” does not?

Hi, and thanks for your indications.

“old” NS7 have NethGUI (admin port on 980 port) and “new” does not?

yes, this is true, but it makes no difference: even into the “old” NethGUI there is no menu for setting UID/GID.

after understanding that I have to rename archive => archive.tar.xz ( :face_with_hand_over_mouth: ) of the configuration backup, I gave a try to this.
I ticked “reinstall the packages” (inspite of the warning - I just wish the minimal staff for AD, not the mess of the “old” Neth)
and ticked the restoration of the network config too (the “new” Neth should have another IP+network that the old one)
=> the “old” config is on the “new” NS, the “new” network is still present, I set a new IP for nsdc

config setprop nsdc bridge br0 status enabled
signal-event nethserver-dc-change-ip 192.168.1.11

as given into the “disaster recovery”, the details of “Active Directory local” show the old conf, except the IP, but no user/group is listed…The “old” mess seems to be copied, but not that what I wanted to keep :rage:

I will check if the stupid changing the permissions of the shares and of the files of the client machines is not done faster. NethServer seems not to be designed for “manipulation” into the AD.

Arnaud

Did you use Firefox? I think it’s a bug, I could reproduce in Firefox, in Chromium it has the right name when downloading.

Does the bridge br0 exist?
Just to be sure, the IP you set is not used and in the same network as the Nethserver?

Sorry, it’s the supported procedure for migrating and usually works. Did you restart NSDC or reboot NethServer after restore?

EDIT:

Here are some links to set UID or GID manually:



EDIT2:

It should work to “copy” the ACLs:

2 Likes

Hi Markus,
the situation becomes slowly better:

the “problem” is that I spent a lot of time to get the idea to simply rename the archive…

Yes and yes.

Therefore I gave another try today: run a “normal” restoration including restoration of the network config, sopping the “old” NS before to avoid collision of IPs => the users were present in this case!
So I ran again a restoration from the initial state (“new” NS is a VM, snapshots…) without restoring the network conf, give manually an IP for the DC (like yesterday) => users are present :slightly_smiling_face:
Difference of the procedure from yesterday: the “old” NS was now switched off.
Due to the restoration, the parameters (AC, DC, hostname etc…) of the “new” NS are the same than the ones of the “old” NS (exept the IP) => was a conflict with the “old” NS yesterday present???
“normally” it shouldn’t had happened because both machine are on different networks and the firewall (should…) blocks the traffic between…

[Solved] Is it possible to modify UID GID, post:17, topic:12365"]
getfacl -R >> somefile.acl On nethserver after users/groups created setfacl --restore= somefile.acl

I saw this post previously too and tried: imho this is not what I need. getfacl returns the acl of the files and folders -R, --recursive recurse into subdirectories Issued from the /root folder, it returns

# file: somefile.acl
# owner: root
# group: root
user::rw-
group::r--
other::r--

So it would be useful to “copy” all the permissions of a complete data set. But I don’t think that it ca be use to set the UID/GID of users and groups.

I had some quick reading today: the “problem” doesn’t come from NS but from AD! The ID-mapping with the linux world seems to be quite complicated and unflexible. Not understanding it very well, I would say “shi##y!”

So now I have a “new” NS on another network than the “old” one, with the users and groups, that was what I wanted to get. :upside_down_face:
Unfortunately, I had to keep the “old” hostname and the “old” parameters of the account provider. This is not a problem, just simply not perfect, optical defect…

Thanks again for your support!
Arnaud

1 Like

You’re welcome.

You may need to execute getfacl where your samba shares are in the filesystem (not in /root), it should return the AD users.
The idea was that after joining Ubuntu to the new Nethserver you could import the ACLs to remap the IDs.

OK, I understand the strategy now:

  1. let AD give new UIDs/GIDs
  2. be able to adapt very quick and easy the permissions of files and folders to these new UIDs/GIDs
    …not a bad idea… :nerd_face:

Bye
Arnaud

1 Like