General discussion about Chef

[chef] Re: Re: Re: Re: Updating uid/gid of existing user


Chronological Thread 
  • From: Eric Herot < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Updating uid/gid of existing user
  • Date: Wed, 17 Dec 2014 10:55:51 -0500
Think of the user ID as being basically the “primary key” for a user object.

This stack overflow post explains pretty well why primary keys are notoriously difficult to update (and why doing so is generally a bad idea):

http://stackoverflow.com/questions/3838414/can-we-update-primary-key-values-of-a-table

I take it the real requirement here is that this user must have the same UID across all nodes in the cluster. Is it possible to specify the UID you want to use in the package seed data so that it always uses the same (hard-coded) ID upon install?  Of course this will deal with new installations but existing installs are probably still going to be a bit of a manual process (like the one Jeff describes below).

-- 
Eric

On December 17, 2014 at 9:33:38 AM, Jeff Blaine ( "> ) wrote:

On 12/17/2014 7:28 AM, Nils-Helge Garli Hegvik wrote:
> Yeah, that part I have figured out. The issue is what happens to files
> owned to the previous uid/gid, that is not in the user home folder.
>
> Nils-H

Hi Nils,

No, the user resource does not address this. This is when a human is the
tool for the job. You will need to manually, one-time, address this on
your systems via (most likely) various invocations if the 'find'
command. You have uncovered a lack of previous planning (centralized
directory services and/or UID/GID policies) and now get to rectify it
once and for all, but there's no magic tool to help you unwind legacy.

An analogy is, "I have 3 MySQL databases. Will the PostgreSQL cookbook
code find them on the network and migrate them to PostgreSQL?" :)

Jeff

> On Wed, Dec 17, 2014 at 1:20 PM, Tiago Cruz < "> > wrote:
>> You can "force" in your recipe like this:
>>
>> group "deployer" do
>> gid "501"
>> end
>>
>> user "deployer" do
>> uid "501"
>> group "deployer"
>> comment "deployer"
>> end
>>
>>
>>
>> On Wed, Dec 17, 2014 at 6:08 AM, Nils-Helge Garli Hegvik < "> >
>> wrote:
>>>
>>> Hi!
>>>
>>> I need to take control over a user created by a package that is
>>> installed in our syste, so it does not change between
>>> uninstall/install. Therefore, I want to use the "user" resource to
>>> define a uid and gid for this user, so it is already created/modified
>>> before the package is installed. The problem is, the user already have
>>> different uid/gid between different nodes, so I can't really just find
>>> the current uid and then set it to that uid. For some nodes, this will
>>> cause the uid of the user to change. So, the question is, how do I
>>> handle ownership of existing files and directories where this will
>>> cause the uid to change? For files in the home folder, this is handled
>>> automatically by the 'usermod' command, but not so for files
>>> elsewhere. I assume someone has come across this issue before, so how
>>> did you handle it? Can the current "user" resource handle this, or
>>> does a recipe exist that can handle this?
>>>
>>> Regards,
>>>
>>> Nils-Helge Garli Hegvik
>>
>>
>>
>> --
>> -- Tiago Cruz
>>
>
>

--
Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02

Archive powered by MHonArc 2.6.16.

§