
   comp.os.linux.misc      Linux-specific topics not covered by oth      135,536 messages   


   Message 134,139 of 135,536   
   Lars Poulsen to All   
   Cleaning up group identities   
   31 Dec 25 15:32:42   
   
   From: lars@beagle-ears.com   
      
   After several upgrades, migrations, moving of file systems to new   
   hardware etc etc, I came across a problem that I really need to   
   resolve, but I need some ideas as to the best way to do it.   
      
   The problem popped up when I was trying to forward a UseNet post   
   to email. All looked good until a warning message that when spawning   
   the mailer, it failed to set the GID: EGID=486, want=51   
   exit status 71. And when I hit return, slrn reported that the   
   followup had been successful. And my edited forward message was   
   lost.   
      
   I found that GID 51 and GID 486 were both in /etc/group as the   
   group smmsp (sendmail sending profile?). And it turns out that   
   there are a number of these:   
        mailnull 47 and 487   
        apache   48 and 489   
        smmsp    51 and 486   
        openvpn 994 and 982   
        ...   
   And there are probably also such problems on the user-id side.   
      
   Clearly, these need to be consolidated, but then after that, the   
   file systems have to be scanned and corrected so that all the SUID   
   and SGID bits get moved to the chosen survivor entry.   
      
   The scripts to do this will be a pain to write, so I wonder   
   - if others have had the same problems,   
   - what you did about it,   
   - and are there scripts to automate the process?   
      
   Of course I also wonder how (and how long ago) it happened.   
   Part of the origin story is certainly that 10-15 years ago   
   the reserved range of UIDs and GIDs ended at 499 and user accounts   
   started at 500 instead of 1000 where they are now.   
      
   It seems that there may never be a completely clean solution to   
   this, because when you build a new system, it sets up its range of UIDs   
   and GIDs for system services, and by necessity, it also creates   
   at least one "user" account. Then, when you port in the user   
   partitions from the old system, you need to bring in the parts   
   of /etc/passwd, /etc/shadow, /etc/group and related configuration   
   items that match the files in those imported file systems,   
   including the "additional users" field in /etc/group.   
      
   Part of the immediate cleanup will be moving old user-ids out of   
   the 500-999 range. When doing that, it would be good to also align   
   the UIDs and GIDs of the users. (Which means setting aside a range   
   for groups like "family", "friends", "coworkers" that do not have a   
   unique user associated.)   
      
   It seems to me, that the best solution would be to provide a hook   
   in the installation process to bring in the old passwd and group   
   files to merge them in.   
      
   And by the way, is there a canonical list of "preferred" values   
   for system service UID and GID?   
      
   -- Lars Poulsen - an old geek in Santa Barbara, California   
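
The consolidation described in the post, as an added example (not code from the post or from any existing tool): it finds group names that carry more than one GID in an /etc/group-format file, builds an old-to-new GID map, and lists or applies the regrouping while putting back the setuid/setgid bits that chown(2) on Linux can clear on executables. The sample data is constructed from the name/GID pairs quoted above; the function names and the survivor choice passed in are assumptions.

```python
import os
import stat
from collections import defaultdict

# Constructed sample in /etc/group format; names and GIDs are the pairs quoted in the post.
SAMPLE_GROUP = """\
mailnull:x:47:
apache:x:48:
smmsp:x:51:
smmsp:x:486:
mailnull:x:487:
apache:x:489:
openvpn:x:982:
openvpn:x:994:
"""

def duplicate_groups(text):
    """Return {name: [gids]} for group names listed with more than one GID."""
    seen = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():  # skips blank/comment/malformed
            seen[fields[0]].add(int(fields[2]))
    return {name: sorted(gids) for name, gids in seen.items() if len(gids) > 1}

def gid_remap(dups, survivors):
    """Map every retired GID to the survivor the admin chose for that name."""
    remap = {}
    for name, gids in dups.items():
        if survivors[name] not in gids:
            raise ValueError(f"{name}: survivor {survivors[name]} not in {gids}")
        remap.update({g: survivors[name] for g in gids if g != survivors[name]})
    return remap

def regroup(root, remap, apply=False):
    """List (path, old_gid, new_gid, mode) below root; change them if apply=True."""
    plan = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if st.st_gid not in remap:
                continue
            new, mode = remap[st.st_gid], stat.S_IMODE(st.st_mode)
            plan.append((path, st.st_gid, new, mode))
            if apply:
                os.lchown(path, -1, new)  # needs root; leaves the owner untouched
                if not stat.S_ISLNK(st.st_mode):
                    os.chmod(path, mode)  # chown(2) may clear setuid/setgid; put them back
    return plan
```

Run regroup() with apply=False first and review the plan; it does not stop at mount points and covers only GIDs, so the UID side needs the same pass.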
      
