Page MenuHomePhabricator
Create Task
Maniphest T65028

Inconsistent GID number (500 or 550)
Closed, ResolvedPublic
Actions

Description

Accounts imported from the old svn credentials received the GID 550 which is the 'svn' group.

Users created via wikitech are assigned GID 500 which is 'wikidev'.

$ ldaplist -l passwd |grep gidNumber|sort|uniq -c|sort -n|tail -n2

447     gidNumber: 550

2615 gidNumber: 500
$

That makes sharing file between accounts a bit cumbersome :-]

We should update all the old accounts to use GID 500 (wikidev).

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=58687
https://bugzilla.wikimedia.org/show_bug.cgi?id=65548

Details

Reference
bz63028

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT65803 `sql` does not work on deployment-prep
 ResolvedNoneT65028 Inconsistent GID number (500 or 550)

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:58 AM
bzimport added a project: Cloud-VPS.
bzimport set Reference to bz63028.
bzimport added a subscriber: Unknown Object (MLST).
hashar created this task.Mar 24 2014, 8:31 PM
jayvdb added a comment.May 8 2014, 6:01 AM

As noted on bug 64596, this is probably what is blocking me submitting patches.

bd808 added a comment.May 21 2014, 7:38 PM

From related discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=65548#c3

I think the best fix for this would be to update all users that have
550(svn) as their primary group to have 500(wikidev) as their primary group.

Following that one of two things should happen, either all files owned by
group 550(svn) should be changed to 500(wikidev) across all of labs, or
probably more rationally all users in the 500(wikidev) group should be added
to the 550(svn) as a secondary group. If the later action is taken the
script that creates new users in ldap should also be updated to add all
future users to the 550(svn) group as a secondary group.

Andrew added a comment.May 27 2014, 7:46 PM

OK, done:

  1. Everyone with a primary group of 550 now has a primary group of 500 instead
  2. Everyone who used to have a primary group of 550 is now an explicit member of the 'svn' group, 550.

#2 should ensure that everyone can still read their files. I'm braced for labs users to inform me otherwise...

jayvdb mentioned this in T60687: List of SVN users who were not migrated.Jan 14 2015, 12:52 AM
Aklapper added a project: Cloud-Services.Apr 29 2015, 12:20 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL