[OpenAFS] UID conflicts

Lewis, Dave LEWIS@NKI.RFMH.ORG
Mon, 19 Dec 2011 20:01:12 -0500 

Hi,

The UIDs of some of our users are low, between 100 and 130.  Our AFS
UIDs are the same as our Unix UIDs (which are in NIS).  Recently someone
switched a workstation from CentOS to Ubuntu in our cell, and I found
some UID conflicts with system daemons.

For example, one user has a UID of 108.  On the Ubuntu workstation,
kernoops has the same UID (as listed in /etc/passwd).  Another user has
UID=3D112, which is listed in /etc/passwd for saned.  There are a few
other user/system UID matches.

So now users "own" some system files on the Ubuntu workstation. :-(

These user accounts were created long ago on a server for which the
system daemon UIDs were < 100.  This is the first system on which we
have seen such a UID conflict.

We're planning to have more Ubuntu/Debian computers here.  If we want to
avoid conflicts between UIDs of normal users and system daemons, what's
the best way to go about it?

I can change the Unix UID for a user and then chown all of that user's
files.  However, the AFS docs say that it is important for the AFS UIDs
to match the Unix UIDs, and I don't see how to change an AFS UID.

Thanks,
Dave

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
David P. Lewis=20
Center for Advanced Brain Imaging, Division of Medical Physics=20
The Nathan S. Kline Institute for Psychiatric Research=20
140 Old Orangeburg Road, Orangeburg, NY 10962=20



Conserve Resources. Print only when necessary.

IMPORTANT NOTICE: This e-mail is meant only for the use of the intended r=
ecipient. It may contain confidential information which is legally privil=
egedor otherwise protected by law. If you received this e-mail in error o=
r from someone who is not authorized to send it to you, you are strictly =
prohibited from reviewing, using, disseminating, distributing or copying =
the e-mail. PLEASE NOTIFY US IMMEDIATELY OF THE ERROR BY RETURN E-MAIL AN=
D DELETE THIS MESSAGE FROM YOUR SYSTEM. Thank you for your cooperation.