Within the GID range allocated for system users we have some odd variation that some UIDs are allocated backwards and some upwards, this needs to be investigated further, see https://phabricator.wikimedia.org/T235067#5562514 for the findings related to debmonitor (which also apply to others like systemd-coredump or prometheus-node-exporter)
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T235161 Improve management of users/groups on servers in production | |||
| Open | None | T235163 Investigate GID allocation for system users |
Event Timeline
Comment Actions
The old system users which were created outside the 100-499 range still need to be cleaned up, otherwise we'll carry this technical debt for a few more years. Most of that is caused by debdeploy, and I'll roll out 0.3.0 in a way that I delete the system user with Cumin and then deploy the new debdeploy (which will re-create the sysusers in the correct range).
Comment Actions
For completeness, the other long-term transition in place is for swift (T123918) since we change uid/gid only on (de)com of hosts. Doing it "online" and speeding up the transition is possible but time consuming as each swift hosts has millions of inodes to change.