verbs are useful in a sentence sometimes
Jubal

It would do you much good if you decided to synchronize uids/gids in your whole organization; the overall maintenance effort would be much easier.

And it can be achieved in a relatively painless way:

  • create or configure your central directory
  • decide on the uid/gid space you would like to use (make sure it does not overlap anything you're using now, and do not remap uids that will be local to the hosts only - system and daemon accounts etc.)
  • schedule a maintenance break for each of your machines
  • prepare a script to reset the ownership after remapping users; something like this worked once for me:

        find /path/to/what/has/to/be/preserved -printf "chown -c %u:%g \"%h/%f\"\n" > preserve

  • switch to your new directory service
  • remove or remap the non-system part of your /etc/passwd and /etc/group
  • restore the file/directory ownership by running the generated script (sh preserve will do)
  • rinse, repeat, profit!

Notes:

  • the generated script is not efficient at all, as it changes ownership back one file at a time; but it should be a good demonstration of the general idea.
  • if you have any suid/sgid binaries and directories there, record them in the script as well, for example by changing the printf clause to "chown -c %u:%g \"%h/%f\"\nchmod -c %m \"%h/%f\"\n"
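
Added example, not part of the original answer: the same save-and-restore idea with the manifest kept as NUL-separated data instead of a generated shell script, so file names containing quotes or `$(...)` are never interpreted by the shell that runs as root, and symlinks are not followed. It assumes GNU find and an xargs that supports `-0`; the function names `save_owners` and `restore_owners` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GNU find and xargs -0.

# save_owners TREE MANIFEST
# Record owner name, group name, octal mode, file type and path for every
# entry under TREE as NUL-terminated fields, so no file name can be
# misparsed or interpreted by a shell on restore.
save_owners() {
    find "$1" -printf '%u\0%g\0%m\0%y\0%p\0' > "$2"
}

# restore_owners MANIFEST
# Replay the manifest five fields at a time. Names are resolved against the
# directory service active at restore time, which is what maps each file to
# its owner's new uid/gid.
restore_owners() {
    xargs -0 -n 5 sh -c '
        user=$1 group=$2 mode=$3 type=$4 path=$5
        # -h: change a symlink itself, never the file it points to
        chown -h -- "$user:$group" "$path" || exit 1
        # chown clears suid/sgid bits, so the mode is reapplied afterwards;
        # symlinks are skipped because chmod would follow them
        [ "$type" = l ] || chmod -- "$mode" "$path"
    ' restore < "$1"
}
```

Run `save_owners` before switching directory services and `restore_owners` afterwards; a non-zero exit status from `restore_owners` means at least one entry could not be restored.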
