[OpenAFS] How to modify AFS uid after user has been created
Thu, 21 May 2015 13:14:10 -0400
On 05/21/2015 12:02 PM, Jan Iven wrote:
> On 05/21/2015 05:37 PM, Susan Litzinger wrote:
>> We have a situation where we need to change the AFS uids for a handful
>> of long-time users who have uids that are < 1000. I can't seem to find
>> any way to change the AFS uid for anyone after they have been created.
>> Has anyone else run into this problem, and if so, how did you resolve it?
> I guess the major issue is finding all files owned by the user. Per my
> understanding the numeric ID is used everywhere, so this means crawling the full
> cell. Which is why we never have done this ourselves.. despite having some
> inconveniently low-IDed users.
> Naive approach:
> pts rename -oldname OLD -newname TMP
> pts createuser -name OLD -id NEWID
> pts mem TMP
> # and then add the new user OLD to all the groups that TMP is member of, this presumably could be scripted..
> pts listowned TMP
> # and then pts chown these to OLD
> # then: crawl all directories in cell, fs la, identify ACLs owned by TMP, add same ACL for OLD.
> # For beautification: also "chown" at file system level for files/directories
> created by TMP, in order to not leave the previous (numeric) userID all over the
> # there might be a way to do this in parallel directly on the fileservers via "volscan" (new in 1.6.10), would look at "-find acl -output path aid arights"; similar for -find file dir -output path owner
> # still need to cope with the volume-relative path names
> # if you are sure the user could not possibly ever have created a file elsewhere, you might be able to constrain this to subtrees they had write to (ex: the home directory).
> # eventually:
> pts deleteuser TMP
We set up a new cell on campus (crc.nd.edu) about 7 years ago
where we changed the minimum uid from 101 to 1101 - while this is
not the exact same scenario it is quite similar.
The first step is identifying the users - in our case it turned out that
there were far fewer than I initially thought - then we found holes in the
uids above 1100 and then remapped the users - I believe your scenario is
roughly the same - One thought is to modify the userid from say rich to
nrich (new rich) which has the new uid and then copy all the user's data/
protections, passwords/etc over behind the scene - the other is
just delete and move.
Here's a link which we have for users on campus who might be moving between
University of Notre Dame
Center for Research Computing - Union Station
506 W. South St
South Bend, In 46601
(574) 631-7258 (office)
(574) 807-1046 (cell)
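
An added example, not part of the original thread and not OpenAFS project code: a dry-run planner for the two group steps of the quoted procedure (copying TMP's memberships to the recreated OLD, and re-owning TMP's groups). It assumes `pts membership` and `pts listowned` print a header line followed by space-indented names; the sample output, the group names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints a reviewable plan of pts commands; it never runs pts itself.

# Constructed sample of `pts membership TMP` output (header, then indented names).
SAMPLE_MEMBERSHIP='Groups TMP (id: 512) is a member of:
  staff
  admin:webteam'

# Constructed sample of `pts listowned TMP` output.
SAMPLE_OWNED='Groups owned by TMP (id: 512) are:
  TMP:friends
  TMP:project'

# Print the indented entry names from pts list output read on stdin.
# Names outside a conservative character set are reported on stderr and skipped,
# so nothing unexpected ends up inside a generated command line.
entry_names() {
    while IFS= read -r line; do
        case $line in ' '*) ;; *) continue ;; esac   # skip header, keep indented entries
        name=${line#"${line%%[! ]*}"}                # strip the leading spaces
        case $name in
            '') continue ;;
            *[!A-Za-z0-9._:-]*) echo "skipping unexpected name: $name" >&2; continue ;;
        esac
        printf '%s\n' "$name"
    done
}

# Step "add the new user OLD to all the groups that TMP is member of".
plan_memberships() {   # $1 = recreated user; stdin = `pts membership TMP` output
    entry_names | while IFS= read -r g; do
        printf 'pts adduser -user %s -group %s\n' "$1" "$g"
    done
}

# Step "pts listowned TMP, then pts chown these to OLD".
plan_owned() {         # $1 = recreated user; stdin = `pts listowned TMP` output
    entry_names | while IFS= read -r g; do
        printf 'pts chown -name %s -owner %s\n' "$g" "$1"
    done
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_MEMBERSHIP" | plan_memberships OLD
printf '%s\n' "$SAMPLE_OWNED" | plan_owned OLD
```

Against a real cell the functions would be fed with `pts membership TMP | plan_memberships OLD` and `pts listowned TMP | plan_owned OLD`, and the printed plan reviewed before anything is executed with admin tokens.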