[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale

To: Allan West <allan@cookie.org>
Subject: Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
From: jimd@starshine.org (Jim Dennis)
Date: Thu, 20 Jan 2005 17:36:55 -0800
Cc: Steve Simmons <scs@lokkur.dexter.mi.us>, "Carlson, Scott" <Scott.Carlson@schwab.com>, sage-members@sage.org
In-Reply-To: <41EE5D56.4020505@cookie.org>
References: <C4689EC6FE4CDA4FB7F29328DEE46EF1CEC801@nex2004cdc.us.global.schwab.com> <20050118213752.GA17955@lokkur.dexter.mi.us> <41EE5D56.4020505@cookie.org>
Sender: owner-sage-members@usenix.org
User-Agent: Mutt/1.5.6+20040907i

On Wed, Jan 19, 2005 at 08:15:02AM -0500, Allan West wrote:
> Steve Simmons wrote:
>>On Tue, Jan 18, 2005 at 01:33:01PM -0800, Carlson, Scott wrote:

>>> We've created an opportunity (!!) within my company here that I need to
>>> renumber (read UID and GID's) approximately 3000 UNIX accounts across 2000
>>> aix/solaris/redhat machines.
>>> Rather then spend time writing sets of scripts to do this, or worry if I 
>>> got my find parameters right, I'm hoping that someone out there will 
>>> have this exact thing sitting in their script repository.  Anyone care 
>>> to share anything that has worked miracles for them when they've renumbered 
>>> accounts in this manner?

 I wrote such a script long ago, but I fear it wasn't terribly
 generalized and I've long since thrown it away.

 I remember that it did handle any SUID/SGID files correctly (saving
 the mode first, and then restoring them); though it also emitted
 warnings about them (since such user executables are worth
 investigation).  Remember that chown strips the SUID bit from files
 on many systems!

 Of than that it was designed to find a suitable number of unused UIDs
 (starting at some offset) and move everyone and all their files to it.

 I tried to make it reasonably efficient, but still need to do it
 in two passes (the first pass to get all the UIDs into a high range
 and the other to move them back down to the 100+ range --- not
 necessary for any technical reason but its what my boss wanted).

 As I recall it was further complicated by the need to merge in the
 accounts of a newly acquired company, detecting any name conflicts
 and resolving those, too.  Sort of dizzying, when you have both name
 and UID overlaps; so we did the first UID remap of "them", then the
 name collision resolution (forcing name changes among "them" in
 most cases) then the merge (having ensured no overlap/collision among
 names nor UIDs) and finally the last UID remap.

 Luckily it was only a small number of servers!

-- 
Jim Dennis

Follow-Ups:
- Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
  - From: Pete Ehlke <pde@rfc822.net>

References:
- [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
  - From: "Carlson, Scott" <Scott.Carlson@schwab.com>
- Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
  - From: Steve Simmons <scs@lokkur.dexter.mi.us>
- Re: [SAGE] Looking for reuse: Script to change users UID, changegroup GID & re-permission files on large scale
  - From: Allan West <allan@cookie.org>

Prev by Date: Re: [SAGE] Looking for reuse: Script to change users UID, changegroup GID & re-permission files on large scale
Next by Date: Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
Prev by thread: Re: [SAGE] Looking for reuse: Script to change users UID, changegroup GID & re-permission files on large scale
Next by thread: Re: [SAGE] Looking for reuse: Script to change users UID, change group GID & re-permission files on large scale
Index(es):
- Date
- Thread