How to change the UID and GID of the local user?
Environment
- RHEL 6
- RHEL 7
- RHEL 8
- CentOS 7
- Rocky Linux 8
Issue
- The UID and GID of a local user need to be changed
Resolution
Changing the UID and GID of a local user is not a simple task and must be done with caution. In the example below, the UID and GID of the local user explinux are changed from 503 to 505.
Check Running Process
Check for any processes running on the system as this user and stop them. Changing a local user's UID and GID while processes are still running under the old UID is dangerous and can lead to data loss. Note that ps prints the UID instead of the user name if the user name is too long, so search the process list for both the UID and the user name:
# ps -ef | grep explinux
# ps -ef | grep 503
If you find any running processes, kill them with the kill -9 pid command.
Modify UID and GID
Step 1
Back up the /etc/passwd and /etc/group files before performing the steps below:
# cp -p /etc/passwd /etc/passwd.orig
# cp -p /etc/group /etc/group.orig
Currently, the user explinux has the UID and GID of 503, as shown below:
# id explinux
uid=503(explinux) gid=503(explinux) groups=503(explinux)
Step 2
First, modify the GID of the user's group to 505, as shown below:
# groupmod -g 505 explinux
Step 3
Next, modify the UID and GID value of the user explinux to 505, as shown below:
# usermod -u 505 -g 505 explinux
Alternate Method
The same can be done by directly editing the /etc/passwd and /etc/group files.
Before:
[/etc/group]
explinux:x:503:
[/etc/passwd]
explinux:x:503:503:...(omit)...
After:
[/etc/group]
explinux:x:505:
[/etc/passwd]
explinux:x:505:505:...(omit)...
Now verify whether UID and GID were indeed changed, as shown below:
# id explinux
uid=505(explinux) gid=505(explinux) groups=505(explinux)
Effect of Changing UID and GID
If any other existing user on your system or server is a member of the group that previously had GID 503, it will no longer be in this group, because the GID of the group has been changed to 505. Change the GID of every user that has GID 503 to 505, or to any other existing group, as per your requirements.
Change File Ownership to the New UID and GID
The owner UID and GID of files and directories do not change automatically either. Every file and directory owned by the previous UID or GID must be changed. The only way to do this reliably is to scan the filesystem beginning at the root (/) and change the UID or GID.
The chown command resets the SETUID and SETGID bits, so you have to record which files have them by finding all such files first, and set the bits back after you run chown. Find them with the commands below:
# find / -uid 503 -perm /6000 -ls
# find / -gid 503 -perm /6000 -ls
After saving the list of files with SETUID and SETGID bits, change the UID and GID of the files with the commands below. The -h option makes chown and chgrp act on a symbolic link itself instead of the file it points to:
# find / -uid 503 -exec chown -v -h 505 '{}' \;
# find / -gid 503 -exec chgrp -v -h 505 '{}' \;
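The article says to set the SETUID and SETGID bits back after chown but gives no command for that step. The script below is an added example, not part of the original article: it records the exact mode of each affected file before the ownership change and re-applies it afterwards. The function names and the /root manifest paths are hypothetical, and GNU find and stat are assumed, as shipped on the distributions listed above.

```shell
#!/bin/sh
# Added example; save_special_modes and restore_special_modes are
# hypothetical helper names. Assumes GNU find and stat (RHEL family).

# save_special_modes ROOT TEST ID MANIFEST
#   TEST is -uid or -gid. Writes one "<octal mode> <path>" line per
#   matching file that has a SETUID or SETGID bit set.
save_special_modes() {
    root=$1 id_test=$2 id=$3 manifest=$4
    case $id_test in
        -uid|-gid) ;;
        *) echo "usage: save_special_modes ROOT -uid|-gid ID FILE" >&2; return 2 ;;
    esac
    # A line-based manifest cannot hold paths containing a newline, so
    # those are excluded. umask 077 keeps the manifest private: anyone
    # who can edit it decides which files get special bits on restore.
    ( umask 077
      find "$root" "$id_test" "$id" -perm /6000 ! -path '*
*' -exec stat -c '%a %n' '{}' + > "$manifest" )
}

# restore_special_modes MANIFEST
#   Re-applies the recorded modes after chown/chgrp cleared the bits.
restore_special_modes() {
    manifest=$1 rc=0
    while IFS=' ' read -r mode path; do
        case $mode in
            [2-7][0-7][0-7][0-7]) ;;                 # must carry 2000/4000
            *) echo "skipped bad entry: $mode $path" >&2; rc=1; continue ;;
        esac
        if [ -L "$path" ]; then                      # never chmod via a symlink
            echo "skipped symlink: $path" >&2; rc=1; continue
        fi
        chmod "$mode" "$path" || rc=1
    done < "$manifest"
    return "$rc"
}

# Usage with the article's values, run as root (manifest paths are examples):
#   save_special_modes / -uid 503 /root/suid-uid503.list
#   save_special_modes / -gid 503 /root/suid-gid503.list
#   ... run the find/chown and find/chgrp commands ...
#   restore_special_modes /root/suid-uid503.list
#   restore_special_modes /root/suid-gid503.list
```

Review each manifest before restoring: every line names a file that will run with the new owner's or group's privileges.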
Custom Settings
If you run only the default Linux programs, you are done after the steps above, but if you have configured any third-party application, its configuration needs attention as well. Any configuration file or setting that refers to the affected user by UID instead of by user name must be changed to reflect the user's new UID. Locate such configuration files or settings according to the software installed and change the UID of the affected user to the new one, 503 to 505 in this example. For example, if you have added the user's details in any third-party software to access or run a program, you need to add them again.
At this point, you have learned how to correctly change the UID and GID of any user or service account.