[OpenAFS] How to modify AFS uid after user has been created

Rich Sudlow rich@nd.edu
Thu, 21 May 2015 13:14:10 -0400


On 05/21/2015 12:02 PM, Jan Iven wrote:
> On 05/21/2015 05:37 PM, Susan Litzinger wrote:
>> We have a situation where we need to change the AFS uids for a handful
>> of long-time users who have uids that are < 1000.  I can't seem to find
>> any way to change the AFS uid for anyone after they have been created.
>> Has anyone else run into this problem, and if so, how did you resolve it?
>
> I guess the major issue is finding all files owned by the user. Per my
> understanding the numeric ID is used everywhere, so this means crawling the full
> cell. Which is why we never have done this ourselves.. despite having some
> inconveniently low-IDed users.
>
> Naive approach:
>
> pts rename -oldname OLD -newname TMP
> pts createuser -name OLD -id NEWID
>
> pts mem TMP
> # and then add the new user OLD to all the groups that TMP is member of, this
> presumably could be scripted..
> pts listowned TMP
> # and then pts chown these to OLD
>
> # then: crawl all directories in cell, fs la, identify ACLs owned by TMP, add
> same ACL for OLD.
> # For beautification: also "chown" at file system level for files/directories
> created by TMP, in order to not leave the previous (numeric) userID all over the
> place.
>
> # there might be a way to do this in parallel directly on the fileservers via
> "volscan" (new in 1.6.10), would look at "-find acl -output path aid arights";
> similar for -find file dir -output path owner
> # still need to cope with the volume-relative path names
>
> # if you are sure the user could not possibly ever have created a file
> elsewhere, you might be able to constrain this to subtrees they had write to
> (ex: the home directory).
>
> # eventually:
> pts deleteuser TMP
>
>
>
> Regards
> jan
>

Hi Jan

We set up a new cell on campus (crc.nd.edu) about 7 years ago
where we changed the minimum uid from 101 to 1101 - while this is
not the exact same scenario it is quite similar.

The first step is identifying the users - in our case it turned out that
there were far fewer than I initially thought - then we found holes in the
uids above 1100 and then remapped the users - I believe your scenario is
roughly the same - One thought is to modify the userid from say rich to
nrich (new rich) which has the new uid and then copy all the user's
data/protections, passwords, etc. over behind the scenes - the other is
just delete and move.

Here's a link which we have for users on campus who might be moving between
cells -

http://wiki.crc.nd.edu/wiki/index.php/Setup_CRC_AFS_Cell_Access

Sincerely,


Rich




-- 
Rich Sudlow
University of Notre Dame
Center for Research Computing - Union Station
506 W. South St
South Bend, In 46601

(574) 631-7258 (office)
(574) 807-1046 (cell)
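
The ACL step of the procedure quoted above ("identify ACLs owned by TMP, add same ACL for OLD"), as an added example that is not part of the original thread: a dry-run helper that reads `fs listacl` output and prints the matching `fs setacl` commands, carrying negative rights over so the renumbered user does not gain access. The cell path and the user names `tmp_alice` and `alice` are constructed for illustration.

```python
"""Dry-run helper: copy TMP's ACL entries to OLD from `fs listacl` output."""
import shlex

# Constructed sample of `fs listacl` output taken after `pts rename`
# (paths and names are made up for illustration).
SAMPLE = """\
Access list for /afs/example.edu/proj/data is
Normal rights:
  system:administrators rlidwka
  tmp_alice rlidwk
  tmp_alice.admin rl
Negative rights:
  tmp_alice d

Access list for /afs/example.edu/proj/my docs is
Normal rights:
  system:anyuser l
  tmp_alice rl
"""

def acl_copy_commands(listacl_output, tmp, old):
    """Return fs setacl commands granting OLD whatever TMP holds.

    Negative entries are re-issued with -negative; dropping them would
    leave the renumbered user with more access than before.
    """
    cmds, path, negative = [], None, False
    for line in listacl_output.splitlines():
        if line.startswith("Access list for ") and line.endswith(" is"):
            path = line[len("Access list for "):-len(" is")]
        elif line.strip() == "Normal rights:":
            negative = False
        elif line.strip() == "Negative rights:":
            negative = True
        elif line[:1].isspace() and path is not None:
            parts = line.split()
            # Exact name match: "tmp_alice.admin" is a different principal.
            if len(parts) == 2 and parts[0] == tmp:
                cmd = ["fs", "setacl", "-dir", path, "-acl", old, parts[1]]
                if negative:
                    cmd.append("-negative")
                cmds.append(shlex.join(cmd))  # quotes paths with spaces
    return cmds

if __name__ == "__main__":
    print("\n".join(acl_copy_commands(SAMPLE, "tmp_alice", "alice")))
```

Review the printed commands before running them; TMP's own entries stay in place until `pts deleteuser TMP`.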