# Best way to avoid UID/GID conflicts across new systems



## leveraction (Nov 7, 2017)

I am setting up several new FreeBSD servers (using bhyve).  There are currently no users (other than me and root).  I use NFS and have run into problems with GID and UID conflicts across systems in the past and would like to avoid that if possible.  Is there a standard way of handling this?  I have seen LDAP and NIS mentioned and those may be the way to go, but before I get neck deep in that I was hoping to confirm what I should be reading about.  Thanks in advance.


----------



## ekingston (Nov 7, 2017)

I believe LDAP is the current preferred way to set up user accounts at a network level. NIS is somewhat old and hasn't changed in a very long time.

Also note, NFSv4 uses symbolic names instead of UID/GID if you set it up right. This reduces the problem when you don't have network authentication.

https://www.freebsd.org/cgi/man.cgi?query=nfsv4&sektion=4


----------



## ralphbsz (Nov 7, 2017)

For a small shop, the easiest is to create a single master list of all users and groups.  One way to handle it is to declare one server to be the "master", whose /etc/passwd and /etc/group rule over all others.  That server doesn't have to be the only NFS server, it just has to have the master copy of the user/group list.

For a large shop, LDAP seems to be the tool of choice.  Or use implementations that can do UID/GID translation or symbolic names.  All these things are lots of work and painful.


----------
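As an added example (not code from any poster in this thread), the master-list approach described above can be checked mechanically: this Python sketch compares a host's passwd- or group-format entries against the master copy and reports numeric IDs that disagree with it. The function names and sample entries are constructed for illustration.

```python
# Added example: compare a host's passwd/group entries with the master copy.
# Sample entries below are constructed, not taken from a real system.
MASTER = """\
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
"""
HOST = """\
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1002:1002:Alice:/home/alice:/bin/sh
carol:*:1001:1001:Carol:/home/carol:/bin/sh
dave:*:1005:1005:Dave:/home/dave:/bin/sh
"""

def parse_ids(text):
    """Map name -> numeric id; passwd(5) and group(5) both keep it in field 3."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue  # comments, blanks, NIS compat lines such as "+:::"
        ids.setdefault(fields[0], int(fields[2]))  # first entry wins on duplicates
    return ids

def find_conflicts(master, host):
    """Return (kind, host_name, host_id, master_value) findings, sorted by name."""
    owners = {}  # id -> names holding it in the master (root and toor share 0)
    for name, mid in master.items():
        owners.setdefault(mid, set()).add(name)
    findings = []
    for name, hid in sorted(host.items()):
        mid, holders = master.get(name), owners.get(hid, set())
        if mid is None and not holders:
            findings.append(("not-in-master", name, hid, None))
            continue
        if mid is not None and mid != hid:
            findings.append(("id-mismatch", name, hid, mid))
        if holders and name not in holders:
            # Files this account creates would appear owned by someone else.
            findings.append(("id-reused", name, hid, ",".join(sorted(holders))))
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(parse_ids(MASTER), parse_ids(HOST)):
        print(*finding)
```

The same two functions work on /etc/group text, since the GID also sits in the third colon-separated field.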

