Thanks all -- I followed the directions set out by IBM and things worked fine ..
Much appreciated , Susan On Thu, May 21, 2015 at 12:49 PM, Michael Meffie <[email protected]> wrote: > On Thu, 21 May 2015 18:02:50 +0200 > Jan Iven <[email protected]> wrote: > > > On 05/21/2015 05:37 PM, Susan Litzinger wrote: > > > We have a situation where we need to change the AFS uids for a handful > > > of long-time users who have uids that are < 1000. I can't seem to find > > > any way to change the AFS uid for anyone after they have been created. > > > Has anyone else run into this problem, and if so, how did you resolve > it? > > > > I guess the major issue is finding all files owned by the user. Per my > > understanding the numeric ID is used everywhere, so this mean crawling > > the full cell. Which is why we never have done this ourselves.. despite > > having some inconveniently low-IDed users. > > > > Naive approach: > > > > pts rename -oldname OLD -newname TMP > > pts createuser -name OLD -id NEWID > > > > pts mem TMP > > # and then add the new user OLD to all the groups that TMP is member of, > > this presumably could be scripted.. > > pts listowned TMP > > # and then pts chown these to OLD > > > > # then: crawl all directories in cell, fs la, identify ACLs owned by > > TMP, add same ACL for OLD. > > # For beautification: also "chown" at file system level for > > files/directories created by TMP, in order to not leave the previous > > (numeric) userID all over the place. > > > > # there might be a way to do this in parallel directly on the > > fileservers via "volscan" (new in 1.6.10), would look at "-find acl > > -output path aid arights"; similar for -find file dir -output path owner > > # still need to cope with the volume-relative path names > > > > # if you are sure the user could not possibly ever have created a file > > elsewhere, you might be able to constrain this to subtrees they had > > write to (ex: the home directory). > > > > # eventually: > > pts deleteuser TMP > > > Hello, > > IBM published this description of how you can do such a migration: > > http://www-01.ibm.com/support/docview.wss?uid=swg21104412 > > The user ids are used in multiple places, and all of them will need to be > updated. > > - the ptserver database > - possibly in ACLs in the volume metadata > - in the file and directory ownerships > > volscan can be helpful for this transition, by searching for places that > need > to be updated without resorting to find. > > I've done a renumbering migration in the past by creating a new set of > usernames (with new pts ids), adding the new pts ids to the groups that > need > them, changing ownerships, renaming the users to move them to the new id, > then > after all is well, removing the old ids. It's a tedious process, but is > doable. > > Mike -- > > -- > Michael Meffie <[email protected]> > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info >
