cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UID and GID of SAP System users and groups

Go to solution
Former Member

on ‎10-23-2008 11:01 AM

0 Kudos

Hi Experts,

I have installed my DEV server,SandBox and PROD servers (in High availability mode).

Now the Network team is telling that i need to do the fresh installation by deleting the existing installation,because the UID and GID is different across all over the landscape.

for example :

For DEV:

uid=206(orapdv) gid=207(dba) groups=205(sapinst),208(oper)

uid=205(pdvadm) gid=206(sapsys) groups=205(sapinst),207(dba),208(oper)

For NWDI:

uid=207(pdiadm) gid=205(sapsys) groups=204(sapinst),206(dba),207(oper)

uid=205(orapdi) gid=206(dba) groups=204(sapinst),207(oper)

But Network team wanted to have a same GID,UID across landscape.

Can anyone let me know,will it be an issue if I proceed with different UID and GID for the different instances?

Please explain.

Regards,

Karthick

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-23-2008 12:20 PM
0 Kudos

there should not be a issue with different UID and GID but when you want to access shared filesysem ie (/usr/sap/trans) then you will have issues. The same is also covered in installation guide. The user ID (UID) and group ID (GID) of SAP users and groups must be identical for all servers

belonging to the same SAP system.

This does not mean that all users and groups have to be installed on all SAP servers.

follow http://help.sap.com/saphelp_nw70/helpdata/EN/87/80d13fa69a4921e10000000a1550b0/frameset.htm

Regards,

-Sunil

Show replies
Show replies
Former Member
‎10-26-2008 8:58 AM
0 Kudos

Sunil,

Can you please explain the below:

1. I have NWDI to do the transport of code from DEV to QAS and PROD.

Will it be an issue if I try to do the same if I have different UID and GID on DEV ,QAS and PROD Servers?

Regards,

Karthick

Former Member
‎10-30-2008 4:11 AM
0 Kudos

You may face issues with file permission and file ownership while using transport tools across systems.

There are workaronds (changing umask value for users and allowing 777 permissions...) to tackle the situation, but not recommended in an SAP Landscape.

As a best practice you have to maintain same UIDs across the SAP systems. This will make things easier.

/ Manoj

Former Member
‎10-30-2008 11:32 AM
0 Kudos

You want UIDs to be unique, GIDs to be the same across your servers. Some actually keep the same passwd, group files across all systems. NWDI is not an issue because it deploys code on your DEV, QA & PRD via SDM. The NWDI user owns all files in the NWDI instance.

-Regards

Former Member
‎10-31-2008 9:48 AM
0 Kudos

I would not say this is a best practice. Using the same UID etc., the whole SAP Landscape has access to these files as owner, even to the PRD filesystem. This may not be a good idea. It is also confusing when listing files, as the owner changes depending on the system logged into.

For the DB Files etc. the GID as SAPSYS allow correct access. The issue with the Transport system is resolved by SAP and is not as critical as the other files, especially the DB and any downloaded PRD file-transfer scenarios you may have.

Using different UIDs is a very valid option and your Network people should talk to Security and see who wins.

Former Member
‎11-01-2008 8:43 AM
0 Kudos

Hi,

I have reinstalled the Distributed PROD instances with the same GID.

Is it necessary that I need to delete DEV,SANDBOX,QAS environments and need to do fresh installation?

I am confused here.please explain.

Network people says that it is SAP decision and not their responsibility.

???

Regards,

Karthick

Answers (1)

Answers (1)

Former Member
‎10-23-2008 1:26 PM
0 Kudos

I am not sure why your network team is asking you to delete & re-install again. As root, these can be easily fixed with chown and chgrp commands after changing the ids in the /etc/passwd & /etc/group files. In your case, you have to be careful because gid seems to be really mixed. You may want to come up with a new numbers and start changing one id at a time. Make sure your systems are completely down before you do the changes.

-Regards

Show replies
Show replies
Ask a Question