On 12/19/2011 7:01 PM, Lewis, Dave wrote:
Hi,

The UIDs of some of our users are low, between 100 and 130.  Our AFS
UIDs are the same as our Unix UIDs (which are in NIS).  Recently someone
switched a workstation from CentOS to Ubuntu in our cell, and I found
some UID conflicts with system daemons.

For example, one user has a UID of 108.  On the Ubuntu workstation,
kernoops has the same UID (as listed in /etc/passwd).  Another user has
UID=112, which is listed in /etc/passwd for saned.  There are a few
other user/system UID matches.

So now users "own" some system files on the Ubuntu workstation. :-(

These user accounts were created long ago on a server for which the
system daemon UIDs were < 100.  This is the first system on which we
have seen such a UID conflict.

We're planning to have more Ubuntu/Debian computers here.  If we want to
avoid conflicts between UIDs of normal users and system daemons, what's
the best way to go about it?


Debian policy found at:
 http://www.debian.org/doc/debian-policy/ch-opersys.html
9.2.2 UID and GID classes

 100-999:
 "Dynamically allocated system users and groups. Packages which
  need a user or group, but can have this user or group allocated
  dynamically and differently on each system, should use
  adduser --system to create the group and/or user. adduser will check
  for the existence of the user or group, and if necessary choose an
  unused id based on the ranges specified in adduser.conf."

So it might be easier to reassign the daemon's UIDs than the user's UIDs
and on additional systems, update the adduser.conf to a range that does
not include any existing real users.


I can change the Unix UID for a user and then chown all of that user's
files.  However, the AFS docs say that it is important for the AFS UIDs
to match the Unix UIDs, and I don't see how to change an AFS UID.

Thanks,
Dave

==============================================================
David P. Lewis
Center for Advanced Brain Imaging, Division of Medical Physics
The Nathan S. Kline Institute for Psychiatric Research
140 Old Orangeburg Road, Orangeburg, NY 10962



_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info



--

 Douglas E. Engert  <[email protected]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
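
Added example, not part of either message above: a Python check that lists UIDs shared by local system accounts and site users, then picks a collision-free range for the adduser.conf settings FIRST_SYSTEM_UID and LAST_SYSTEM_UID. The account data is constructed (only kernoops=108 and saned=112 come from the thread; the user names are placeholders), and the function names are this example's own.

```python
# Added example. Sample data is constructed; on a real host read /etc/passwd
# and the site map (for instance the saved output of `ypcat passwd`).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
messagebus:x:102:105::/var/run/dbus:/bin/false
kernoops:x:108:65534:Kernel Oops Tracking Daemon:/:/bin/false
saned:x:112:120::/home/saned:/bin/false
+::::::
"""
SITE_PASSWD = """\
alice:x:108:500:Alice:/home/alice:/bin/bash
bob:x:112:500:Bob:/home/bob:/bin/bash
carol:x:130:500:Carol:/home/carol:/bin/bash
dave:x:1001:500:Dave:/home/dave:/bin/bash
"""

def parse_passwd(text):
    """Return {uid: name} from passwd(5) text; skip comments and NIS +/- lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0][:1] in ("", "#", "+", "-"):
            continue
        if fields[2].isdigit():
            entries.setdefault(int(fields[2]), fields[0])
    return entries

def find_collisions(local, site):
    """UIDs held by both a local account and a site user, as (uid, local, site)."""
    return sorted((u, local[u], site[u]) for u in local.keys() & site.keys())

def free_system_range(site, low=100, high=999):
    """Longest run of UIDs in [low, high] unused by site users, or None."""
    best, start = None, None
    for uid in range(low, high + 2):          # high + 1 closes a trailing run
        free = uid <= high and uid not in site
        if free and start is None:
            start = uid
        elif not free and start is not None:
            if best is None or uid - 1 - start > best[1] - best[0]:
                best = (start, uid - 1)
            start = None
    return best

def adduser_conf(rng):
    """Render the two adduser.conf lines for a (first, last) range."""
    return "FIRST_SYSTEM_UID=%d\nLAST_SYSTEM_UID=%d" % rng

if __name__ == "__main__":
    local, site = parse_passwd(LOCAL_PASSWD), parse_passwd(SITE_PASSWD)
    for uid, daemon, user in find_collisions(local, site):
        print("UID %d: system account %s collides with user %s" % (uid, daemon, user))
    print(adduser_conf(free_system_range(site)))
```

Changing the range only affects accounts that adduser creates afterwards; system accounts that already collide still have to be reassigned and their files re-owned.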