Changing Enswitch UID and GID
Overview
It may be necessary to change the UID and GID of the enswitch user/group on an existing system. In our case the enswitch user was UID 100 and the enswitch group was GID 101, which caused us to have to renumber the existing 100 user and 101 group on every new server install.
Disclaimer
This is provided as-is with no warranty and may not work correctly on every Enswitch system. Make sure you have proper backups and test the procedure in a non-production environment. Neither I nor Integrics are responsible for any problems arising from the use of these instructions.
Procedure
Variables
In this example, the enswitch UID is 100 and will be changed to 900, and the enswitch GID is 101 and will be changed to 901.
Identify files owned by enswitch user and group
On each Enswitch server, find files owned by uid 100 or gid 101 and save them to a text file.
For NFS servers:
time find / -user 100 | egrep -v "\/proc|\/dev\/" > /tmp/enswitch_user_files.txt
time find / -group 101 | egrep -v "\/proc|\/dev\/" > /tmp/enswitch_group_files.txt
For all other servers:
time find / -user 100 | egrep -v "\/var\/lib\/enswitch\/|\/proc|\/dev\/" > /tmp/enswitch_user_files.txt
time find / -group 101 | egrep -v "\/var\/lib\/enswitch\/|\/proc|\/dev\/" > /tmp/enswitch_group_files.txt
Stop all services using enswitch user/group
Web (Active only):
/etc/init.d/apache2 stop
Asterisk:
/etc/init.d/asterisk stop
/etc/init.d/enswitch_routed stop
/etc/init.d/hylafax stop
chown -h enswitch:enswitch /var/spool/asterisk/voicemail
sleep 2
pgrep -lf asterisk
pgrep -lf enswitch_routed
Kamailio (Active only):
/etc/ha.d/resource.d/kamailio stop
/etc/ha.d/resource.d/rtpengine stop
/etc/ha.d/resource.d/enswitch_sipd stop
/etc/ha.d/resource.d/enswitch_messaged stop
sleep 2
pgrep -alf enswitch_sipd
pgrep -alf enswitch_messaged
pgrep -alf kamailio
pgrep -alf rtpengine
Change enswitch UID and GID
getent group enswitch
groupmod -g 901 enswitch
getent group enswitch
getent passwd enswitch
usermod -u 900 -g 901 enswitch
getent passwd enswitch
Change file ownership
Change ownership on all files that reside on the local disk on each server. Start this on the NFS boxes first because they will take the longest.
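# -d '\n' keeps paths containing spaces or quotes intact; -h re-owns a symlink itself rather than its target.
time cat /tmp/enswitch_user_files.txt | xargs -d '\n' --max-args=1000 chown -h enswitch
time cat /tmp/enswitch_group_files.txt | xargs -d '\n' --max-args=1000 chgrp -h enswitch
Once this has finished on all servers, move on to the next step.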
Start services
Web (Active only):
/etc/init.d/apache2 start
Asterisk:
/etc/init.d/asterisk start
/etc/init.d/enswitch_routed start
/etc/init.d/hylafax start
pgrep -lf asterisk
pgrep -lf enswitch_routed
Kamailio (Active only):
/etc/ha.d/resource.d/kamailio start
/etc/ha.d/resource.d/rtpengine start
/etc/ha.d/resource.d/enswitch_sipd start
/etc/ha.d/resource.d/enswitch_messaged start
pgrep -alf enswitch_sipd
pgrep -alf enswitch_messaged
pgrep -alf kamailio
pgrep -alf rtpengine
enswitch restart
Restart Enswitch on all other servers
enswitch restart
Re-check ownership
On each Enswitch server, find files owned by uid 100 or gid 101 that may have been created after the initial check:
time find / -user 100 | egrep -v "\/var\/lib\/enswitch\/|\/proc|\/dev\/" > /tmp/enswitch_user_files_2.txt
time find / -group 101 | egrep -v "\/var\/lib\/enswitch\/|\/proc|\/dev\/" > /tmp/enswitch_group_files_2.txt
If any files are found, change ownership on them, then stop and start all services again.
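# -d '\n' keeps paths containing spaces or quotes intact; -h re-owns a symlink itself rather than its target.
time cat /tmp/enswitch_user_files_2.txt | xargs -d '\n' --max-args=1000 chown -h enswitch
time cat /tmp/enswitch_group_files_2.txt | xargs -d '\n' --max-args=1000 chgrp -h enswitch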
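The identify, change and re-check steps above carry paths as newline-separated text and exclude /proc and /dev by substring match. The following added example (not part of the original page; the function names and argument order are assumptions) does the same search and re-own with NUL-terminated paths, exact-directory pruning, and -h so that a symlink is never followed to a file outside the tree.

```shell
# Added example, not part of the original procedure. Function names and
# argument order are assumptions made for this illustration.

# find_owned ROOT user|group ID [EXCLUDE_DIR...]
# Emit NUL-terminated paths under ROOT with the given numeric owner or group.
# /proc, /dev and each EXCLUDE_DIR are pruned as exact directories; a substring
# filter such as egrep -v "\/proc" would also drop e.g. /srv/spool/processed.
find_owned() {
    local root="$1" kind="$2" id="$3" n
    shift 3
    n=$#
    set -- "$@" '(' -path /proc -o -path /dev
    while [ "$n" -gt 0 ]; do
        set -- "$@" -o -path "$1"   # append this exclude to the expression
        shift                       # and drop it from the front
        n=$((n - 1))
    done
    find "$root" "$@" ')' -prune -o "-$kind" "$id" -print0
}

# count_owned ROOT user|group ID [EXCLUDE_DIR...]
# One NUL per path, so a name containing spaces or newlines counts once.
count_owned() {
    find_owned "$@" | tr -cd '\0' | wc -c | tr -d ' '
}

# remap_owned NEW_ID ROOT user|group OLD_ID [EXCLUDE_DIR...]
# -h re-owns a symlink itself instead of following it to its target.
remap_owned() {
    local new="$1" tool=chown
    shift
    if [ "$2" = group ]; then
        tool=chgrp
    fi
    find_owned "$@" | xargs -0 -r "$tool" -h "$new"
}
```

With the page's values, a non-NFS server would run `remap_owned 900 / user 100 /var/lib/enswitch` followed by `remap_owned 901 / group 101 /var/lib/enswitch`; a result of 0 from `count_owned / user 100 /var/lib/enswitch` afterwards confirms the re-check.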
Re-start cron
Restart cron on all boxes. I had an issue where enswitch_cdrs_archive, enswitch_cdrs_delete and other Enswitch cron jobs did not run after the change. Apparently cron caches the user to uid and group to gid mapping. Restarting cron fixed the issue.