This discussion is archived
3 Replies Latest reply: Jan 3, 2013 8:30 AM by Dude! RSS

UID and GID assignment - purely academic curiosity

EdStevens Guru
Currently Being Moderated
I'd not given any thought to this before, but as I am trying to create a sandbox system to mimic as closely as possible one of my prod systems and comb through any possible differences, I noticed this.

It seems that in all of my 'real' systems, across several versions of *nix, across several shops, user 'oracle' always comes up with UID=501, group oinstall has gid=501, dba gid=502.  But when I build my sandbox I got
oracle:orcl$ id
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba)
In this case, the oracle user and groups were actually created as part of 'yum install oracle-validated'.

Just as an expreriment, I just restored one of my vm's to a snapshot prior to installing oracle-validated, where there is no user 'oracle', and created it manually with 'useradd oracle'. That produced a uid=500 and a gid (oracle) of 501. Of course, with that simple experiment, I had no 'dba' or 'oinstall' groups.

Not a problem, just a curiosity as to how the system assigns UID and GID, and why allowing the oracle user and associated groups to be created with the oracle-validated package would be so different than when created directly with 'useradd'.

And does that present any 'unknown unknowns' I need to become aware of, to move to the 'known unknowns' ...
  • 1. Re: UID and GID assignment - purely academic curiosity
    Dude! Guru
    Currently Being Moderated
    Let's see how the user and group are determined:

    <pre>
    # wget http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/\
    oracle-validated-1.1.0-15.el5.x86_64.rpm
    # rpm2cpio oracle-validated-1.1.0-15.el5.x86_64.rpm | cpio -idmv
    # cat ./etc/sysconfig/oracle-validated
    </pre>

    Search for the function f_createuser (). Here is the part that creates the group:

    <pre>
    groupnum=`cat /etc/group | sort -t: -g +2 -3 | grep -v nfsnobody | cut -f3 -d":" | tail -1`
    if [ "${groupnum}" -ge "${GROUPID}" ]; then
              GROUPID=`expr $groupnum + 1`
    fi
    </pre>

    It simply extract the highest GID in use, exlcuding nfsnobody, and then adds 1.

    To answer your questions, prior to running oracle-validated you must have had a user in the system with UID 54320. I suggest to look in /etc/passwd and /etc/group, which user and group applies and then find out how these entries were created. Perhaps you installed or setup some software that did not necessarily follow the Red Hat conventions.

    The range of user and groups is usually determined by convention. Red Hat for instance:
    UIDs from 1 to 100 for system use. UIDs from 101 up to 499 are reserved.
  • 2. Re: UID and GID assignment - purely academic curiosity
    EdStevens Guru
    Currently Being Moderated
    Dude wrote:
    Let's see how the user and group are determined:

    <pre>
    # wget http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/\
    oracle-validated-1.1.0-15.el5.x86_64.rpm
    # rpm2cpio oracle-validated-1.1.0-15.el5.x86_64.rpm | cpio -idmv
    # cat ./etc/sysconfig/oracle-validated
    </pre>

    Search for the function f_createuser (). Here is the part that creates the group:

    <pre>
    groupnum=`cat /etc/group | sort -t: -g +2 -3 | grep -v nfsnobody | cut -f3 -d":" | tail -1`
    if [ "${groupnum}" -ge "${GROUPID}" ]; then
              GROUPID=`expr $groupnum + 1`
    fi
    </pre>

    It simply extract the highest GID in use, exlcuding nfsnobody, and then adds 1.

    To answer your questions, prior to running oracle-validated you must have had a user in the system with UID 54320. I suggest to look in /etc/passwd and /etc/group, which user and group applies and then find out how these entries were created. Perhaps you installed or setup some software that did not necessarily follow the Red Hat conventions.

    The range of user and groups is usually determined by convention. Red Hat for instance:
    UIDs from 1 to 100 for system use. UIDs from 101 up to 499 are reserved.
    Interesting. When I interrogate /etc/passwd, the highest UID prior to oracle is 'vboxadd' with a uid=101. (of course, that is ignoring nfsnobody). /etc/group shows a similar pattern. So even with the logic shown, it looks like oracle's uid=54321 came from left field.
  • 3. Re: UID and GID assignment - purely academic curiosity
    Dude! Guru
    Currently Being Moderated
    Are you comparing OL 5 (oracle-validated) with OL 6 (oracle-rdbms-server-11gR2-preinstall)?

    I checked the "oracle-rdbms-server-11gR2-preinstall-verify" script for OL6 and it defines the following variables:

    <pre>
    USERID="54321"
    GROUPID="54321"

    groupnum=`cat /etc/group | sort -t: -g +2 -3 | grep -v nfsnobody | cut -f3 -d":" | tail -1`
         if [ "${groupnum}" -ge "${GROUPID}" ]; then
              GROUPID=`expr $groupnum + 1`
         fi
    </pre>

    This should answer your question. The routine to determine the GID and UID in *oracle-rdbms-server-11gR2-preinstall* is similar to *oracle-validated*, but uses a predefined value for GID and UID unless there is any existing with a higher number.

    I suppose this helps to have a more consistent GID and UID for the Oracle user and group ID across installations. A consistent UID and GID is important for NFS. The number 54321 as such looks like it was chosen arbitrarily.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points