User id conflicts with user cookbook


#1

i’ve been using the users cookbook for a while, and I’ve noticed an issue
that I wonder if anyone else has a solution to. When I add a new user to
the databag and run chef-client on a server that has been around for a while
and had some users manually added to it, I get a uid and gid conflict.
Obviously the real problem here is that we are still manually adding users
occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so it
just creates the user with the next available uid and gid, but I thought I
would ask on the mailing list before doing that to see what other’s have
done to avoid this.

Thanks

John


#2

Don’t manually add users, manage everything with Chef.

Try a high UID range, otherwise, like 4000
On Oct 19, 2011 1:12 PM, “John Alberts” john.m.alberts@gmail.com wrote:

i’ve been using the users cookbook for a while, and I’ve noticed an issue
that I wonder if anyone else has a solution to. When I add a new user to
the databag and run chef-client on a server that has been around for a while
and had some users manually added to it, I get a uid and gid conflict.
Obviously the real problem here is that we are still manually adding users
occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so it
just creates the user with the next available uid and gid, but I thought I
would ask on the mailing list before doing that to see what other’s have
done to avoid this.

Thanks

John


#3

Yeah, I know, but unfortunately, not manually adding users is not an option.
We are only partially automated and that’s not going to change for a while.
I’ve already tried using a high uid and it doesn’t matter. Whatever I
change it to, the next time a user is created using useradd, it just picks
up where chef left off.

On Tue, Oct 18, 2011 at 7:40 PM, AJ Christensen aj@junglist.gen.nz wrote:

Don’t manually add users, manage everything with Chef.

Try a high UID range, otherwise, like 4000
On Oct 19, 2011 1:12 PM, “John Alberts” john.m.alberts@gmail.com wrote:

i’ve been using the users cookbook for a while, and I’ve noticed an issue
that I wonder if anyone else has a solution to. When I add a new user to
the databag and run chef-client on a server that has been around for a while
and had some users manually added to it, I get a uid and gid conflict.
Obviously the real problem here is that we are still manually adding users
occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so it
just creates the user with the next available uid and gid, but I thought I
would ask on the mailing list before doing that to see what other’s have
done to avoid this.

Thanks

John


John Alberts


#4

Yo,

Bad luck re: automation

I mean create your users (with chef, from data-bags) in a high-UID range.

You can adjust the useradd configuration file to add users to a
different UID range, for your terrible, terrible, greybeard bad-mans,
when called by hand without a UID.

–AJ

On 19 October 2011 13:46, John Alberts john.m.alberts@gmail.com wrote:

Yeah, I know, but unfortunately, not manually adding users is not an option.
We are only partially automated and that’s not going to change for a while.
I’ve already tried using a high uid and it doesn’t matter. Whatever I
change it to, the next time a user is created using useradd, it just picks
up where chef left off.

On Tue, Oct 18, 2011 at 7:40 PM, AJ Christensen aj@junglist.gen.nz wrote:

Don’t manually add users, manage everything with Chef.

Try a high UID range, otherwise, like 4000

On Oct 19, 2011 1:12 PM, “John Alberts” john.m.alberts@gmail.com wrote:

i’ve been using the users cookbook for a while, and I’ve noticed an issue
that I wonder if anyone else has a solution to. When I add a new user to
the databag and run chef-client on a server that has been around for a while
and had some users manually added to it, I get a uid and gid conflict.
Obviously the real problem here is that we are still manually adding users
occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so it
just creates the user with the next available uid and gid, but I thought I
would ask on the mailing list before doing that to see what other’s have
done to avoid this.

Thanks

John


John Alberts


#5

Yep - if you can’t get around manual user adding, you want to just delete them and let the system pick.

Adam

On Oct 18, 2011, at 5:12 PM, John Alberts wrote:

i’ve been using the users cookbook for a while, and I’ve noticed an issue that I wonder if anyone else has a solution to. When I add a new user to the databag and run chef-client on a server that has been around for a while and had some users manually added to it, I get a uid and gid conflict. Obviously the real problem here is that we are still manually adding users occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so it just creates the user with the next available uid and gid, but I thought I would ask on the mailing list before doing that to see what other’s have done to avoid this.

Thanks

John


#6
  • Adam Jacob [2011-10-19]:

Yep - if you can’t get around manual user adding, you want to just
delete them and let the system pick.

As always, it depends. As long as you don’t run NFS or any other service
that requires consistent UIDs over several servers, this makes sense.
If, on the other hand, you do require consistent UIDs over several
servers I suggest reserving an id space for chef-managed users and a
separate id space for manually managed users.

cheers,

Nikoay


“It’s all part of my Can’t-Do approach to life.” Wally


#7

Thank you. I don’t know why I didn’t even think about modifying
/etc/login.defs to limit the uid and gid range that is used by default.
This should work perfect. I’ll limit the useradd uid’s to below 20000, and
have chef create users starting at 30000.

Thanks again.

On Tue, Oct 18, 2011 at 8:01 PM, AJ Christensen aj@junglist.gen.nz wrote:

Yo,

Bad luck re: automation

I mean create your users (with chef, from data-bags) in a high-UID range.

You can adjust the useradd configuration file to add users to a
different UID range, for your terrible, terrible, greybeard bad-mans,
when called by hand without a UID.

–AJ

On 19 October 2011 13:46, John Alberts john.m.alberts@gmail.com wrote:

Yeah, I know, but unfortunately, not manually adding users is not an
option.
We are only partially automated and that’s not going to change for a
while.
I’ve already tried using a high uid and it doesn’t matter. Whatever I
change it to, the next time a user is created using useradd, it just
picks
up where chef left off.

On Tue, Oct 18, 2011 at 7:40 PM, AJ Christensen aj@junglist.gen.nz
wrote:

Don’t manually add users, manage everything with Chef.

Try a high UID range, otherwise, like 4000

On Oct 19, 2011 1:12 PM, “John Alberts” john.m.alberts@gmail.com
wrote:

i’ve been using the users cookbook for a while, and I’ve noticed an
issue

that I wonder if anyone else has a solution to. When I add a new user
to

the databag and run chef-client on a server that has been around for a
while

and had some users manually added to it, I get a uid and gid conflict.
Obviously the real problem here is that we are still manually adding
users

occasionally, but unfortunately that’s unavoidable for now.

I thought about removing the uid and gid attributes from the recipe so
it

just creates the user with the next available uid and gid, but I
thought I

would ask on the mailing list before doing that to see what other’s
have

done to avoid this.

Thanks

John


John Alberts


John Alberts