Hi , I want to match uid/gid across multiple systems but before I
potentially destroy multiple systems trying to fix the mess I want to
see if there is an easier/better way:

The cause of the problem is the "ACCT_USER_ID=-1" in the acct-user and
matching acct-group ebuilds (which I think means use next available
uid/gid - which in my case isn't close to consistent.)

Its just come to a head when I added a third  lxc host system and some services (inside the lxc VM using passthrough to the host) are not
working properly on migration - but even if this is not the cause, it
needs fixing :(

Should I:

on each host:

1. stop the relevant services and VM's

2. emerge -C the applicable acct-user/xxx and acct-group/xxxx ebuilds

3. remove remnants from the passwd and group files

4. edit the ebuilds in an overlay setting ACCT_USER_ID to the wanted uid
and ACCT_GROUP_ID to the wanted gid

5. reinstall the ebuilds

6. issue a find for the old uid's and gid's changing them to the new ones

7. restart the systems

8. sit back and bask in the glow of a job well done


So to the questions: is there a better way? Have I missed anything? is
there another way to pin uid's and gid's?

BillK

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------qaGhGn5Dxo0bhTEtwPhcI2QE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 5/8/25 8:50 PM, William Kenworthy wrote:

Hi , I want to match uid/gid across multiple systems but before I
potentially destroy multiple systems trying to fix the mess I want to
see if there is an easier/better way:

The cause of the problem is the "ACCT_USER_ID=-1" in the acct-user and matching acct-group ebuilds (which I think means use next available uid/
gid - which in my case isn't close to consistent.)

-1 is forbidden by policy in ::gentoo, I suppose you might care to guess
why.

Per the documentation: https://devmanual.gentoo.org/eclass-reference/acct-user.eclass/#lbAF

You may set ACCT_USER_${UPPERCASE_PACKAGE_NAME}_ID=myuid to override it
if you wish. The eclass is designed to provide this specific extension
point so that users can choose arbitrarily-random uids for packages
which already have a globally reserved uid. (Don't ask me why.)


--
Eli Schwartz

--------------qaGhGn5Dxo0bhTEtwPhcI2QE--

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTnFNnmK0TPZHnXm3qEp9ErcA0vVwUCaB1UtwUDAAAAAAAKCRCEp9ErcA0vV3HT AQCU2RaEmZFLhTrU6NBR5oWj1wthgr6hfHQg0N39/mW71wEAuVepfk0HcEdKvsUqVMW0Z8Rj/mWR ukenwSI6Qy9K5AU=
=5sZ/
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

------EJYOT7J0S0UW4HNT1NF82ZUKAAIF87
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable

Thanks Eli, especially for the reference. The applications I most need to behave are postfix (not sure why this one) homeassistant and esphome which are from a third party repo.
BillK

On 9 May 2025 9:04:55 am AWST, Eli Schwartz <eschwartz@gentoo.org> wrote:

On 5/8/25 8:50 PM, William Kenworthy wrote:

Hi , I want to match uid/gid across multiple systems but before I
potentially destroy multiple systems trying to fix the mess I want to
see if there is an easier/better way:

The cause of the problem is the "ACCT_USER_ID=-1" in the acct-user and
matching acct-group ebuilds (which I think means use next available uid/
gid - which in my case isn't close to consistent.)

-1 is forbidden by policy in ::gentoo, I suppose you might care to guess
why.

Per the documentation: >https://devmanual.gentoo.org/eclass-reference/acct-user.eclass/#lbAF

You may set ACCT_USER_${UPPERCASE_PACKAGE_NAME}_ID=myuid to override it
if you wish. The eclass is designed to provide this specific extension
point so that users can choose arbitrarily-random uids for packages
which already have a globally reserved uid. (Don't ask me why.)

--
Eli Schwartz

------EJYOT7J0S0UW4HNT1NF82ZUKAAIF87
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body><div dir="auto">Thanks Eli, especially for the reference.  The applications I most need to behave are postfix (not sure why this one) homeassistant and esphome which are from a third party repo.  <br>BillK</div><br><br><div
class="gmail_quote"><div dir="auto">On 9 May 2025 9:04:55 am AWST, Eli Schwartz &lt;eschwartz@gentoo.org&gt; wrote:</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail"><div dir="auto">On 5/8/25 8:50 PM, William Kenworthy wrote:<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><div dir="auto">Hi , I want to match uid/gid
across multiple systems but before I<br>potentially destroy multiple systems trying to fix the mess I want to<br>see if there is an easier/better way:<br><br>The cause of the problem is the "ACCT_USER_ID=-1" in the acct-user and<br>matching acct-group
ebuilds (which I think means use next available uid/<br>gid - which in my case isn't close to consistent.)<br></div></blockquote><div dir="auto"><br><br>-1 is forbidden by policy in ::gentoo, I suppose you might care to guess<br>why.<br><br>Per the
documentation:<br><a href="https://devmanual.gentoo.org/eclass-reference/acct-user.eclass/#lbAF">https://devmanual.gentoo.org/eclass-reference/acct-user.eclass/#lbAF</a><br><br>You may set ACCT_USER_${UPPERCASE_PACKAGE_NAME}_ID=myuid to override it<br>if
you wish. The eclass is designed to provide this specific extension<br>point so that users can choose arbitrarily-random uids for packages<br>which already have a globally reserved uid. (Don't ask me why.)<br><br><br></div></pre></blockquote></div></body>
</html>
------EJYOT7J0S0UW4HNT1NF82ZUKAAIF87--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)