Modifying User and Group IDs
Bits and pieces for answering this question are available online, but I'm trying to coordinate the information cohesively. I suspect I am not the first person to run into this cute little challenge and I think a thread will benefit many people.
When I installed Slack on my first box I created various user accounts and group names. When I acquired a second box, I repeated the routine. All was well until I decided to network the boxes. I then discovered what is probably a common problem in this type of expansion project. I had established unique user and group names, but allowed the system to automagically assign the underlying UIDs and GIDs. For stand-alone boxes this is fine, but on a network, as I have discovered, this is called an Oops. My approach created the interesting problem in that UID 100 on Box 1 can see and modify the files on Box 2 owned by UID 100, although the human readable user names are different. The reason is that to the system the UID and GID are the true identifiers, not the human readable names.
I now realize that in large networks various options are available to create, synchronize, and maintain unique account and group IDs, such as LDAP, NIS, etc. Those options probably are overkill for a small home LAN. Probably a simple rsync script would suffice. For now, however, I am trying to better understand how to correct my current problem in a methodical manner. Fortunately I need only modify a couple of accounts and groups.
I know about usermod, chown, etc. Therefore my focus in this thread is creating a proper punch list to modify the user and group accounts on Box 2 without destroying files, home directories, etc., while maintaining the same human readable identities.
Do I understand correctly that usermod -u modifies the file ownership of the /home directory? Or does usermod not even do that? Regardless, seems that after modifying the UID I also have to search the entire system to update file ownership from the old UID to the new UID.
What about non-system GIDs? Should they also be unique with respect to all networked boxes? I suspect the system GIDs should all remain the same, but should I modify the non-system GIDs?
With all that said, what would be a safe methodical way to update Box 2? Here is my best guess from what I have read so far:
1. Create a written table of the user names, group names, current IDs and new IDs.
2. Modify each user-based primary group GID: groupmod -g newgid userprimarygroupname.
3. Modify each user's UID: usermod -u newuid username.
4. Modify all system files to the appropriate UID/GID:
find / -uid olduid -exec chown username: {} \;
find / -gid oldgid -exec chown :userprimarygroupname {} \;
5. Test each account by logging in.
FWIW, I tried using kuser in KDE 3.4.3, but on testing the user's login, login/bash reported no home directory found. I suspect kuser did not modify the home directory file ownership or I do not know the appropriate way to instruct kuser to do this.
Anything else? Any caveats?
Thanks again.
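One way to carry out steps 1 to 4 of the list above with a dry run first, as an added example that is not part of the original post. The function names, the APPLY variable and the sample IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: remap ownership by NUMERIC id after groupmod/usermod.
# All IDs and paths used with it are constructed; take yours from the table in step 1.

# id_owner FILE ID: print the name that already holds ID in a passwd- or
# group-format file, so a chosen new ID can be checked for collisions.
id_owner() { awk -F: -v id="$2" '$3 == id { print $1 }' "$1"; }

# special_bits KIND OLD ROOT...: list setuid/setgid regular files owned by
# OLD. Changing ownership can clear these bits, so record them beforehand.
special_bits() {
    kind=$1 old=$2; shift 2
    case $kind in uid) pred=-user ;; gid) pred=-group ;; *) return 2 ;; esac
    find "$@" -xdev -type f "$pred" "$old" \( -perm -4000 -o -perm -2000 \) -print
}

# remap_owner KIND OLD NEW ROOT...: KIND is "uid" or "gid".
# Prints the commands by default; set APPLY=1 to run them.
#   -xdev     stay on this filesystem (skips /proc and mounts from the other box)
#   -h        change a symlink itself, never the file it points to
#   chown N   with no trailing colon, so the file's group is left untouched
remap_owner() {
    kind=$1 old=$2 new=$3; shift 3
    case $kind in
        uid) pred=-user  tool=chown ;;   # find accepts a numeric id here
        gid) pred=-group tool=chgrp ;;
        *) echo "KIND must be uid or gid" >&2; return 2 ;;
    esac
    for v in "$old" "$new"; do
        case $v in ''|*[!0-9]*) echo "IDs must be numeric" >&2; return 2 ;; esac
    done
    if [ "${APPLY:-0}" = 1 ]; then
        find "$@" -xdev "$pred" "$old" -exec "$tool" -h "$new" {} +
    else
        find "$@" -xdev "$pred" "$old" -exec echo "$tool" -h "$new" {} \;
    fi
}

# Typical order, with constructed IDs (run as root, once per mounted filesystem):
#   id_owner /etc/passwd 1100          # must print nothing before usermod
#   special_bits uid 1000 / /home      # note any setuid/setgid files
#   remap_owner uid 1000 1100 / /home  # review the output, then repeat with APPLY=1
```

Searching by the old numeric ID matters because, once usermod has run, the user name resolves to the new UID and no longer matches the files left behind.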