[OpenAFS] How to modify AFS uid after user has been created

Jan Iven jan.iven@cern.ch
Thu, 21 May 2015 18:02:50 +0200


On 05/21/2015 05:37 PM, Susan Litzinger wrote:
> We have a situation where we need to change the AFS uids for a handful
> of long-time users who have uids that are < 1000.  I can't seem to find
> any way to change the AFS uid for anyone after they have been created.
> Has anyone else run into this problem, and if so, how did you resolve it?

I guess the major issue is finding all files owned by the user. Per my
understanding the numeric ID is used everywhere, so this means crawling
the full cell. Which is why we never have done this ourselves.. despite
having some inconveniently low-IDed users.

Naive approach:

pts rename -oldname OLD -newname TMP
pts createuser -name OLD -id NEWID

pts mem TMP
# and then add the new user OLD to all the groups that TMP is a member of,
# this presumably could be scripted..
pts listowned TMP
# and then pts chown these to OLD

# then: crawl all directories in cell, fs la, identify ACLs owned by
# TMP, add same ACL for OLD.
# For beautification: also "chown" at file system level for
# files/directories created by TMP, in order to not leave the previous
# (numeric) userID all over the place.

# there might be a way to do this in parallel directly on the
# fileservers via "volscan" (new in 1.6.10), would look at
# "-find acl -output path aid arights";
# similar for -find file dir -output path owner
# still need to cope with the volume-relative path names

# if you are sure the user could not possibly ever have created a file
# elsewhere, you might be able to constrain this to subtrees they had
# write to (ex: the home directory).

# eventually:
pts deleteuser TMP



Regards
jan
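
The scripted parts of the procedure above, as an added example that is not part of the original message: a dry-run generator that turns saved `pts membership`, `pts listowned` and `fs listacl` output into the `pts adduser`, `pts chown` and `fs setacl` commands to review before running. The names `alice` and `alice.tmp`, the ids and the paths are constructed, and the parsing assumes the usual text layout of those commands' output.

```shell
#!/bin/sh
# Added example: dry-run only. Each function reads saved command output on
# stdin and prints commands to review; nothing here changes the cell.
# Assumption: directory paths contain no single quotes.

# member_cmds NEW: stdin is `pts membership TMP` output (header, then groups).
member_cmds() {
  awk -v new="$1" 'NR > 1 && NF == 1 { print "pts adduser -user " new " -group " $1 }'
}

# owned_cmds NEW: stdin is `pts listowned TMP` output (header, then groups).
owned_cmds() {
  awk -v new="$1" 'NR > 1 && NF == 1 { print "pts chown -name " $1 " -owner " new }'
}

# acl_cmds TMP NEW: stdin is `fs listacl` output for one or more directories.
# Negative entries are re-created with -negative so denials carry over too.
acl_cmds() {
  awk -v tmp="$1" -v new="$2" '
    /^Access list for / { sub(/^Access list for /, ""); sub(/ is$/, "")
                          dir = $0; neg = ""; next }
    /^Normal rights:/   { neg = ""; next }
    /^Negative rights:/ { neg = " -negative"; next }
    NF == 2 && $1 == tmp {
      printf "fs setacl -dir '\''%s'\'' -acl %s %s%s\n", dir, new, $2, neg
    }'
}

# Constructed sample outputs (not taken from a real cell).
sample_members() {
  printf '%s\n' 'Groups alice.tmp (id: 512) is a member of:' '  staff' '  proj:readers'
}
sample_acls() {
  cat <<'EOF'
Access list for /afs/example.org/user/alice is
Normal rights:
  system:administrators rlidwka
  alice.tmp rlidwka
Access list for /afs/example.org/proj/shared is
Normal rights:
  proj:readers rl
Negative rights:
  alice.tmp w
EOF
}

sample_members | member_cmds alice
sample_acls | acl_cmds alice.tmp alice
```

Comparing a second `fs listacl` pass against the first after applying the commands shows whether every entry for the temporary name, negative ones included, now has a matching entry for the new user before `pts deleteuser` is run.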