I came across the same need when I migrated a network a while ago to Samba/winbind-based authentication.
The solution is indeed what Jeff had recommended: use the find command and the chown command. You can do it all in a single line (per user). The script needs as input the old UID (obviously), and either the new uid, or a way to resolve it.
You can do it automatically in chef with a script resource.
There are a couple pitfalls. One I can think of: group memberships may also need to be updated, especially if you are transitioning to a different authentication mechanism the way I did. If you stick with just /etc/passwd and /etc/group a simple change of UID should not affect group memberships (because group membership is managed by name, not by UID).
If the affected users are system users, you may also run into issues of services running with the wrong uid.
If I remember right, some iptables modules allow you to specify rules that involve the uid.
Bottom line: try to use the find/chown approach, but be prepared for stuff to break.
Kevin Keane
The NetTech
http://www.4nettech.com
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html
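
The find/chown pass discussed in this thread, as an added example that is not part of the original message and is not code from any of the posters. It assumes GNU find and coreutils; the function names `is_uid`, `reown_uid` and `setid_files` are hypothetical. It defaults to a dry run and refuses to proceed when the new UID is already in use under the target directory.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find and coreutils.

# True when $1 is a non-empty string of digits.
is_uid() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# reown_uid OLD_UID NEW_UID ROOT [apply]
# Dry run by default: prints every path under ROOT owned by OLD_UID.
# With "apply" it re-owns them. Exit status 2 = bad arguments,
# 3 = NEW_UID already owns something under ROOT.
# The body is a subshell, so "exit" only leaves the function.
reown_uid() (
    old=$1 new=$2 root=$3 mode=${4:-dry-run}
    if ! is_uid "$old" || ! is_uid "$new" || [ ! -d "$root" ]; then
        echo "usage: reown_uid OLD_UID NEW_UID ROOT [apply]" >&2
        exit 2
    fi
    # Once chown has run, files that already belonged to NEW_UID cannot be
    # told apart from the migrated ones, so stop and let a human look first.
    if [ -n "$(find "$root" -xdev -uid "$new" -print -quit)" ]; then
        echo "uid $new already owns files under $root" >&2
        exit 3
    fi
    if [ "$mode" = apply ]; then
        # -xdev: stay on this filesystem, so other mounts (NFS, for
        # instance) are skipped.
        # -h: change a symlink itself, never the file it points to.
        # Group ownership is untouched; a GID change is a second pass
        # with -gid and chgrp.
        find "$root" -xdev -uid "$old" -exec chown -h -- "$new" {} +
    else
        find "$root" -xdev -uid "$old" -print
    fi
)

# setid_files OLD_UID ROOT
# Lists setuid/setgid regular files owned by OLD_UID. Linux normally clears
# those bits when ownership changes, so save this list before applying and
# restore the modes deliberately afterwards.
setid_files() {
    find "$2" -xdev -uid "$1" -type f -perm /6000 -print
}
```

Because of the collision check, a second `apply` run over a partially migrated tree stops with status 3 instead of silently continuing.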
-----Original message-----
From: Nils-Helge Garli Hegvik < >
Sent: Wednesday 17th December 2014 14:43
To:
Subject: [chef] Re: Re: Re: Re: Re: Updating uid/gid of existing user
Thank you for the replies. I'm aware of the difficulties. Just wanted
to check if someone had handled this with chef already. It's a third
party package, so I would like to avoid rebuilding the package to hard
code the uid there. And it would still require the same manual
handling I guess, since the user already has different uids on
different nodes.
Regards,
Nils-Helge Garli Hegvik
On Wed, Dec 17, 2014 at 4:55 PM, Eric Herot < > wrote:
> Think of the user ID as being basically the “primary key” for a user object.
>
> This Stack Overflow post explains pretty well why primary keys are
> notoriously difficult to update (and why doing so is generally a bad idea):
>
> http://stackoverflow.com/questions/3838414/can-we-update-primary-key-values-of-a-table
>
> I take it the real requirement here is that this user must have the same UID
> across all nodes in the cluster. Is it possible to specify the UID you want
> to use in the package seed data so that it always uses the same (hard-coded)
> ID upon install? Of course this will deal with new installations but
> existing installs are probably still going to be a bit of a manual process
> (like the one Jeff describes below).
>
> --
> Eric
>
> On December 17, 2014 at 9:33:38 AM, Jeff Blaine ( )
> wrote:
>
> On 12/17/2014 7:28 AM, Nils-Helge Garli Hegvik wrote:
>> Yeah, that part I have figured out. The issue is what happens to files
>> owned by the previous uid/gid that are not in the user home folder.
>>
>> Nils-H
>
> Hi Nils,
>
> No, the user resource does not address this. This is when a human is the
> tool for the job. You will need to manually, one-time, address this on
> your systems via (most likely) various invocations of the 'find'
> command. You have uncovered a lack of previous planning (centralized
> directory services and/or UID/GID policies) and now get to rectify it
> once and for all, but there's no magic tool to help you unwind legacy.
>
> An analogy is, "I have 3 MySQL databases. Will the PostgreSQL cookbook
> code find them on the network and migrate them to PostgreSQL?" :)
>
> Jeff
>
>> On Wed, Dec 17, 2014 at 1:20 PM, Tiago Cruz < >
>> wrote:
>>> You can "force" in your recipe like this:
>>>
>>> group "deployer" do
>>>   gid "501"
>>> end
>>>
>>> user "deployer" do
>>>   uid "501"
>>>   group "deployer"
>>>   comment "deployer"
>>> end
>>>
>>>
>>>
>>> On Wed, Dec 17, 2014 at 6:08 AM, Nils-Helge Garli Hegvik
>>> < >
>>> wrote:
>>>>
>>>> Hi!
>>>>
>>>> I need to take control over a user created by a package that is
>>>> installed in our system, so it does not change between
>>>> uninstall/install. Therefore, I want to use the "user" resource to
>>>> define a uid and gid for this user, so it is already created/modified
>>>> before the package is installed. The problem is, the user already has
>>>> different uid/gid between different nodes, so I can't really just find
>>>> the current uid and then set it to that uid. For some nodes, this will
>>>> cause the uid of the user to change. So, the question is, how do I
>>>> handle ownership of existing files and directories where this will
>>>> cause the uid to change? For files in the home folder, this is handled
>>>> automatically by the 'usermod' command, but not so for files
>>>> elsewhere. I assume someone has come across this issue before, so how
>>>> did you handle it? Can the current "user" resource handle this, or
>>>> does a recipe exist that can handle this?
>>>>
>>>> Regards,
>>>>
>>>> Nils-Helge Garli Hegvik
>>>
>>>
>>>
>>> --
>>> -- Tiago Cruz
>>>
>>
>>
>
> --
> Jeff Blaine
> kickflop.net
> PGP/GnuPG Key ID: 0x0C8EDD02