On 05/21/2015 12:02 PM, Jan Iven wrote:
On 05/21/2015 05:37 PM, Susan Litzinger wrote:
We have a situation where we need to change the AFS uids for a handful
of long-time users who have uids that are < 1000. I can't seem to find
any way to change the AFS uid for anyone after they have been created.
Has anyone else run into this problem, and if so, how did you resolve it?
I guess the major issue is finding all files owned by the user. Per my
understanding the numeric ID is used everywhere, so this mean crawling the full
cell. Which is why we never have done this ourselves.. despite having some
inconveniently low-IDed users.
Naive approach:
pts rename -oldname OLD -newname TMP
pts createuser -name OLD -id NEWID
pts mem TMP
# and then add the new user OLD to all the groups that TMP is member of, this
presumably could be scripted..
pts listowned TMP
# and then pts chown these to OLD
# then: crawl all directories in cell, fs la, identify ACLs owned by TMP, add
same ACL for OLD.
# For beautification: also "chown" at file system level for files/directories
created by TMP, in order to not leave the previous (numeric) userID all over the
place.
# there might be a way to do this in parallel directly on the fileservers via
"volscan" (new in 1.6.10), would look at "-find acl -output path aid arights";
similar for -find file dir -output path owner
# still need to cope with the volume-relative path names
# if you are sure the user could not possibly ever have created a file
elsewhere, you might be able to constrain this to subtrees they had write to
(ex: the home directory).
# eventually:
pts deleteuser TMP
Regards
jan
Hi Jan
We setup a new cell on campus (crc.nd.edu) about 7 years ago
where we changed the minimum uid from 101 to 1101 - while this is
not the exact same scenario it is quite similiar.
The first step is identifying the users - in our case it turned out that
there were far less than I initially thought - then we found holes in the
uids above 1100 and then remapped the users - I believe your scenario is
roughly the same - One thought is to modify the userid from say rich to
nrich (new rich) which has the new uid and then copy all the users data/
protections, passwords/etc over behind the scene - the other is
just delete and move.
Here's a link which we have for users on campus who might be moving between
cells -
http://wiki.crc.nd.edu/wiki/index.php/Setup_CRC_AFS_Cell_Access
Sincerely,
Rich
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Rich Sudlow
University of Notre Dame
Center for Research Computing - Union Station
506 W. South St
South Bend, In 46601
(574) 631-7258 (office)
(574) 807-1046 (cell)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
