The Oxidized container uses a built-in oxidized user with UID 30000 internally. Previously, the deployment created a host oxidized user with UID 2000. This mismatch caused several issues:
-
File Ownership Complexity
- Container wrote files as UID 30000
- Host needed to access files as UID 2000
- Required complex permission workarounds
-
Script Execution Issues
sudo -u oxidizedon the host ran as UID 2000- Container expected UID 30000
- Needed
setprivorsudo -u "#30000"workarounds
-
Permission Confusion
ls -lshowed30000:30000(container ownership)- Scripts needed to handle both UIDs
- Error messages unclear about which UID was failing
Align the host oxidized user UID with the container's UID (30000).
✅ Simplified File Ownership - All files consistently owned by 30000:30000
✅ Direct Script Execution - sudo -u oxidized works directly
✅ Clear Permissions - Single UID throughout the system
✅ Reduced Complexity - No UID mapping workarounds needed
✅ Better Errors - Clear ownership in error messages
The deploy.sh script automatically detects and migrates existing installations:
-
Detection
- Checks if
oxidizeduser exists with UID 2000 - Compares with target UID 30000 from
.env
- Checks if
-
Pre-Migration Safety
- Stops
oxidized.servicegracefully - Stops
oxidized-logger.service - Waits for clean shutdown
- Stops
-
UID/GID Change
- Uses
usermod -u 30000 oxidized - Uses
groupmod -g 30000 oxidized - Updates system user database
- Uses
-
File Ownership Update
- Finds all files owned by old UID (2000)
- Recursively updates under
/var/lib/oxidized/ - Preserves all permissions and timestamps
-
Verification
- Confirms new UID/GID
- Restarts services
- Validates API connectivity
If you need to migrate manually:
# 1. Stop services
sudo systemctl stop oxidized.service oxidized-logger.service
# 2. Change user/group ID
sudo usermod -u 30000 oxidized
sudo groupmod -g 30000 oxidized
# 3. Update file ownership
sudo find /var/lib/oxidized/ -user 2000 -exec chown 30000:30000 {} +
sudo find /var/lib/oxidized/ -group 2000 -exec chown 30000:30000 {} +
# 4. Restart services
sudo systemctl start oxidized.service oxidized-logger.serviceNote: The automated migration in deploy.sh is safer and more thorough.
id oxidized
# Expected output: uid=30000(oxidized) gid=30000(oxidized) groups=30000(oxidized)ls -ldn /var/lib/oxidized/
# Expected: 30000 30000 ... /var/lib/oxidized/
ls -ldn /var/lib/oxidized/repo
# Expected: 30000 30000 ... /var/lib/oxidized/repo
ls -ldn /var/lib/oxidized/config
# Expected: 30000 30000 ... /var/lib/oxidized/config# Check repository files
ls -ln /var/lib/oxidized/repo/
# Check config files
ls -ln /var/lib/oxidized/config/
# All should show 30000:30000sudo systemctl status oxidized.service
# Should show: active (running)
sudo systemctl status oxidized-logger.service
# Should show: active (running)curl -s http://127.0.0.1:8888/nodes | jq
# Should return JSON list of devicessudo journalctl -u oxidized.service -n 50
# Should show successful startup, no UID errorsCause: Host user still has old UID
Solution: Re-run migration
sudo ./scripts/deploy.shCause: Some files still owned by UID 2000
Solution: Update ownership manually
sudo chown -R 30000:30000 /var/lib/oxidized/Cause: Stale PID file
Solution: Clean PID and restart
sudo rm -f /var/lib/oxidized/data/oxidized.pid
sudo systemctl restart oxidized.serviceCause: Repository ownership incorrect
Solution: Fix repo ownership
sudo chown -R 30000:30000 /var/lib/oxidized/repo/
sudo -u oxidized git -C /var/lib/oxidized/repo status- ✅ No impact
- UID 30000 used from the start
.envalready defaults to 30000
- ✅ Automatic migration during next
deploy.shrun - ⏱️ Migration takes ~10-30 seconds depending on file count
- 🔄 Services briefly stopped during migration
- ✅ All data preserved
- ✅ No configuration changes needed
Before Migration:
# Complex workaround needed
sudo setpriv --reuid=30000 --regid=30000 git -C /var/lib/oxidized/repo statusAfter Migration:
# Simple, direct execution
sudo -u oxidized git -C /var/lib/oxidized/repo statusBefore (old default):
OXIDIZED_UID=2000
OXIDIZED_GID=2000After (new default):
OXIDIZED_UID=30000 # Matches container's internal oxidized user
OXIDIZED_GID=30000Note: Existing .env files are not modified automatically. The migration works regardless of the .env value, but it's recommended to update for clarity.
- ✅ Container configuration unchanged
- ✅ Quadlet file unchanged
- ✅ Volume mounts unchanged
- ✅ File permissions unchanged (still 644/755)
- ✅ Directory structure unchanged
Before Migration (complex):
# Had to detect UID from file ownership
OXIDIZED_UID=$(stat -c '%u' /var/lib/oxidized/repo)
# Then use setpriv
sudo setpriv --reuid=$OXIDIZED_UID git pushAfter Migration (simple):
# Direct user reference
sudo -u oxidized git pushBefore Migration (error-prone):
# Wrong UID used
sudo -u oxidized ssh-keygen # Creates as UID 2000, container can't use!After Migration (works correctly):
# Correct UID automatically
sudo -u oxidized ssh-keygen # Creates as UID 30000, container uses it!Before Migration (confusing):
ls -l /var/lib/oxidized/repo
# Shows: 30000 30000 (container ownership)
id oxidized
# Shows: uid=2000 (host ownership)
# Confusion: Which is correct?After Migration (clear):
ls -l /var/lib/oxidized/repo
# Shows: 30000 30000
id oxidized
# Shows: uid=30000
# Clear: Both match!- 2026-02-13: UID migration implemented
- Automatic: Runs during next
deploy.shexecution - Backwards Compatible: No breaking changes
- REMOTE_REPOSITORY.md - Uses simplified UID approach
- SERVICE-MANAGEMENT.md - Updated for UID 30000
- DEPLOYMENT-NOTES.md - Migration details
The UID migration from 2000 to 30000 is:
✅ Automatic - No manual intervention required ✅ Safe - Preserves all data and settings ✅ Simple - Runs during next deployment ✅ Beneficial - Eliminates complexity and confusion ✅ Backwards Compatible - Works with existing installations
The migration is automatic, safe, and provides immediate benefits.