On 08/18/2015 01:02 PM, Alec T. Habig wrote:
> Hi folks,
>
> I want to add some new machines, running 7.1, into an ldap managed
> cluster consisting of 6.x machines.  7 wants system accounts numbered
> under 1000, 6 was happy with under 500.  Many users and countless files
> over a number of machines have uids between 500 and 1000: a global
> migration to the new scheme would be A Lot Of Work.  This fedora
> features proposal page:
>
>    https://fedoraproject.org/wiki/Features/1000SystemAccounts
>
> suggests dropping in a tweaked /etc/login.defs file in kickstart's %pre
> section for people in my situation.
>
> Unfortunately, the filesystem doesn't exist yet in %pre, so that's too
> early to pull in a tweaked file.  In %post, all the system accounts are
> already made and many config files have pulled the UID min and max
> values from the default login.defs file already, so that's too late.

Are you *sure* it doesn't work?  It would seem possible the initial install to the new root might use the login.defs from the kickstart environment, and by fixing login.defs again in %post you patch your installed system.

I wouldn't imagine migrating to the new scheme would be *that* difficult once you nail down the user, old uid, new uid, change their passwd uid, then run something like this on all your systems: find PATHS -user $oldID -exec chown -h $newID {} +