I made some discoveries on a test system: root@IDTest:/etc# date; usermod -u 204 Debian-exim Tue Mar 28 15:01:19 PDT 2017 usermod: user Debian-exim is currently used by process 664
and this left everything, including the running process and passwd untouched. So I don't have to worry about what happens when I usermod the id when a process is running; usermod won't do that. Of course I can still edit the passwd file by hand, but by itself I assume this will leave the uid of existing processes and files unchanged (except they will display differently in ls or ps). Also, after I stopped exim4 and executed the usermod command above, only the passwd file changed. So that's easy enough to do offline. As documented, usermod changes the uids of files in the user home directory and below, but leaves others untouched: root@IDTest:/etc# find / -uid 104 -ls find: `/proc/5056/task/5056/fd/5': No such file or directory find: `/proc/5056/task/5056/fdinfo/5': No such file or directory find: `/proc/5056/fd/5': No such file or directory find: `/proc/5056/fdinfo/5': No such file or directory 131764 4 drwxr-s--- 2 104 adm 4096 Mar 28 12:52 /var/log/exim4 131486 4 -rw-r----- 1 104 adm 756 Mar 28 14:56 /var/log/exim4/mainlog 10943 0 drwxr-x--- 2 104 Debian-exim 40 Mar 28 15:03 /run/exim4 root@IDTest:/etc# find / -uid 204 -ls find: `/proc/5057/task/5057/fd/5': No such file or directory find: `/proc/5057/task/5057/fdinfo/5': No such file or directory find: `/proc/5057/fd/5': No such file or directory find: `/proc/5057/fdinfo/5': No such file or directory 131766 4 drwxr-x--- 5 Debian-exim Debian-exim 4096 Mar 28 12:50 /var/spool/exim4 131768 4 drwxr-x--- 2 Debian-exim Debian-exim 4096 Mar 28 12:50 /var/spool/exim4/input 131769 4 drwxr-x--- 2 Debian-exim Debian-exim 4096 Mar 28 12:50 /var/spool/exim4/msglog 131767 4 drwxr-x--- 2 Debian-exim Debian-exim 4096 Mar 28 12:50 /var/spool/exim4/db Ross
