[OpenAFS] UID conflicts

Russ Allbery rra@stanford.edu
Mon, 19 Dec 2011 17:33:01 -0800

"Lewis, Dave" <LEWIS@NKI.RFMH.ORG> writes:

> We're planning to have more Ubuntu/Debian computers here.  If we want to
> avoid conflicts between UIDs of normal users and system daemons, what's
> the best way to go about it?

> I can change the Unix UID for a user and then chown all of that user's
> files.  However, the AFS docs say that it is important for the AFS UIDs
> to match the Unix UIDs, and I don't see how to change an AFS UID.

Unfortunately, there's no good way to change the AFS UID without doing the
same thing, which is of course rather tedious in AFS.  The good news is
that AFS for the most part doesn't care a great deal about file ownership,
so you can (in most cases) skip the chown, although there are a few
exceptions.  But you'd need to change all the ACLs if you change the AFS
PTS ID number.

You can use different local UIDs and AFS PTS IDs and everything will
continue to work properly.  AFS doesn't actually care what your local UID
is; it will use whatever your PTS ID is for such things as file
ownership.  However, some local software (particularly on Mac OS X) can
get confused.

My recommendation would be to change the user's UIDs but leave the AFS PTS
IDs for existing accounts alone and see if you can live with the
mismatch.  I've personally been using AFS for many years with a different
local UID than my AFS PTS ID and never notice any more.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>