Werk #18145: omd create: Create system group

Component	Site management
Title	omd create: Create system group
Date	Jun 24, 2025
Level	Prominent Change
Class	Bug Fix
Compatibility	Compatible - no manual interaction needed
Checkmk versions & editions	2.5.0b1 Not yet released Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME) 2.4.0p6 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME) 2.3.0p35 Not yet released Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The command omd create <SITE> will create the user <SITE> and the group <SITE>. Previously, the group created by omd was not a system group. With this Werk, this has been fixed.

Background

The site user is always created as a system user, since omd invokes this command:

useradd -r -d '<SITE>' -c 'OMD site <SITE>' -g <SITE> -G omd <SITE> -s /bin/bash

In particular, the user identifier is chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs. omd will now invoke

groupadd -r '<SITE>'

whereas it previously invoked

groupadd '<SITE>'

This means the group identifier will be chosen in the SYS_GID_MIN-SYS_GID_MAX instead of GID_MIN-GID_MAX on a freshly created site.

Note, that this Werk leaves existing groups unchanged and we recommend to be very cautious of changing a GID. If you opt to do so anyway, be aware that it is unsufficient to invoke groupmod by itself. At the very minimum, you must also:

• Restart all existing processes with the old GID.
• Update the GID of all files and directories. Note, that chgrp will also clear suid and sgid flags, which need to be restored afterwards.
• If you have archives, such as the one created by omd backup, it will contain the old GID.
• Double check /etc/passwd, which won't be updated by groupmod according to some sources.

To the list of all Werks