Page MenuHomePhabricator

Investigate GID allocation for system users
Open, MediumPublic

Description

Within the GID range allocated for system users we have some odd variation that some UIDs are allocated backwards and some upwards, this needs to be investigated further, see https://phabricator.wikimedia.org/T235067#5562514 for the findings related to debmonitor (which also apply to others like systemd-coredump or prometheus-node-exporter)

Event Timeline

jijiki triaged this task as Medium priority.Oct 14 2019, 3:50 PM

@MoritzMuehlenhoff i think we can close this now right?

The old system users which were created outside the 100-499 range still need to be cleaned up, otherwise we'll carry this technical debt for a few more years. Most of that is caused by debdeploy, and I'll roll out 0.3.0 in a way that I delete the system user with Cumin and then deploy the new debdeploy (which will re-create the sysusers in the correct range).

For completeness, the other long-term transition in place is for swift (T123918) since we change uid/gid only on (de)com of hosts. Doing it "online" and speeding up the transition is possible but time consuming as each swift hosts has millions of inodes to change.