Moving the UID/GID of a user

From Computer Laboratory System Administration
Revision as of 16:06, 21 March 2017 by mgk25 (talk | contribs) (first draft (to be continued))

This page documents the recommended procedure for moving the UID and/or GID of a user in the CL Unix LDAP tables.

Background

Modern POSIX operating systems expect users to have a numeric user identity (UID) of at least 1000, as lower UIDs are reserved for pseudo-users allocated by the operating-system vendor. When the Computer Laboratory first used Unix filesystems in the mid-1980s, that limit was still at 100. As a result, we still have, as of 2016, 20 users with UID < 1000.

Moving process

  1. Inform the user of the planned date and time of the change, and advise them to log out and (ideally) also terminate long-running processes during the migration period.
  2. Ask the user on which POSIX filesystems other than those on elmer they own files (local disks of desktops, servers and virtual machines connected to the Unix LDAP servers).
  3. Make a note of their old numeric UID and GID. We will refer to these as $old_UID and $old_GID.
  4. Update their UID and GID in the administrative database to their new values, and make a note of these. We will refer to these as $new_UID and $new_GID. As per the new departmental UID/GID allocation plan:
    • If the user is a person identified by CRSID: make sure 1100 ≤ $new_UID = $new_GID < 9000.
    • For a pseudo-user: make sure 9000 ≤ $new_UID = $new_GID < 9500.
  5. Make a list of directory prefixes where they have files with their $old_UID:

[... to be continued ...]
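
The range check from step 4 and an ownership inventory for step 5, written as shell functions. This is an added example, not part of the original page or the Computer Laboratory's own tooling: the function names, the `person`/`pseudo` labels and the choice of `find` options are assumptions.

```shell
#!/bin/sh
# Added example for steps 4 and 5. Function names and the "person"/"pseudo"
# labels are assumptions, not part of the documented procedure.

# valid_new_ids KIND NEW_UID NEW_GID
# Returns 0 if the pair satisfies the allocation plan quoted in step 4,
# 1 if it violates the plan, 2 on malformed arguments.
valid_new_ids() {
    vni_kind=$1 vni_uid=$2 vni_gid=$3
    for vni_n in "$vni_uid" "$vni_gid"; do
        case "$vni_n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$vni_uid" -eq "$vni_gid" ] || return 1     # plan requires UID = GID
    case "$vni_kind" in
        person) [ "$vni_uid" -ge 1100 ] && [ "$vni_uid" -lt 9000 ] ;;
        pseudo) [ "$vni_uid" -ge 9000 ] && [ "$vni_uid" -lt 9500 ] ;;
        *)      return 2 ;;
    esac
}

# owned_prefixes ROOT OLD_UID OLD_GID
# Prints, sorted, the topmost paths under ROOT that still carry the old
# numeric owner or group. -prune stops at the first match on each branch, so
# a directory the user owns is listed once as a prefix instead of once per
# file. -xdev keeps the walk on ROOT's filesystem, so call it once for each
# filesystem named in step 2. -uid/-gid compare numbers, so the search still
# works once the directory service no longer maps the old numbers to a name.
owned_prefixes() {
    find "$1" -xdev \( -uid "$2" -o -gid "$3" \) -prune -print | sort
}

# Usage (values are constructed, not taken from the page):
#   valid_new_ids person 1234 1234 && owned_prefixes /home 567 567
```

Run `owned_prefixes` as root so that directories unreadable to an ordinary account are not skipped.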