[OpenAFS] How to modify AFS uid after user has been created
Thu, 21 May 2015 18:02:50 +0200
On 05/21/2015 05:37 PM, Susan Litzinger wrote:
> We have a situation where we need to change the AFS uids for a handful
> of long-time users who have uids that are < 1000. I can't seem to find
> any way to change the AFS uid for anyone after they have been created.
> Has anyone else run into this problem, and if so, how did you resolve it?
I guess the major issue is finding all files owned by the user. Per my
understanding the numeric ID is used everywhere, so this mean crawling
the full cell. Which is why we never have done this ourselves.. despite
having some inconveniently low-IDed users.
pts rename -oldname OLD -newname TMP
pts createuser -name OLD -id NEWID
pts mem TMP
# and then add the new user OLD to all the groups that TMP is member of,
this presumably could be scripted..
pts listowned TMP
# and then pts chown these to OLD
# then: crawl all directories in cell, fs la, identify ACLs owned by
TMP, add same ACL for OLD.
# For beautification: also "chown" at file system level for
files/directories created by TMP, in order to not leave the previous
(numeric) userID all over the place.
# there might be a way to do this in parallel directly on the
fileservers via "volscan" (new in 1.6.10), would look at "-find acl
-output path aid arights"; similar for -find file dir -output path owner
# still need to cope with the volume-relative path names
# if you are sure the user could not possibly ever have created a file
elsewhere, you might be able to constrain this to subtrees they had
write to (ex: the home directory).
pts deleteuser TMP