[clug] Synchronising UID/GIDs when migrating to LDAP
Alex Satrapa
grail at goldweb.com.au
Thu Sep 13 23:23:11 GMT 2007
On 13/09/2007, at 12:22 , Michael James wrote:
> Years ago I migrated a batch by hand using:
> root> find -name <old-number> -exec chown <new-name> {} \;
>
> This becomes a nightmare if the new and old numbers overlap.

Way back in the day, when I was being taught to program (as opposed
to when I actually learned), we were taught this basic swap routine:

To swap X and Y:

    Temp = X
    X = Y
    Y = Temp

So applying this to the situation at hand, you could either (a) move
all uids in one fell swoop to a much higher number range than you're
currently using and keep them there, or (b) temporarily move all uids
to a number range that is not being used anywhere, then move them
back to have the one user with the same UID on each machine.

At this point you can introduce the central directory system, and
consider removing all but system and "rescue" user details from the
local hosts. You will need a non-root rescue user in order to allow
safe access to each machine when the central directory server becomes
unavailable.

The hard part of the exercise is determining the final UID for each
user, and shipping that out as a script to each host. The rest is
just waiting for the find to finish.

Alex
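
The two-phase move in option (b) above, written as a plan generator that prints the find/chown commands without running them. This is an added example, not part of the original post: the map format, the names plan_uid_swap and sample_map, and the temporary base of 60000 are assumptions, and only UIDs are covered (GIDs need the same treatment with -gid and chgrp).

```shell
#!/bin/sh
# Added example: print (never run) a two-phase UID renumbering plan.
# Input on stdin, assumed format: "old_uid new_uid" per line.
# $1 = temp_base, assumed to sit above every UID in use on every host;
#      files already owned by a UID in that range would be swept up in phase 2.
# $2 = directory to scan (default /); -xdev keeps find on one filesystem,
#      so the plan has to be repeated for each local filesystem.
plan_uid_swap() {
    awk -v base="$1" -v root="${2:-/}" '
    function fail(msg) {
        print "plan_uid_swap: " msg > "/dev/stderr"; bad = 1; exit 1
    }
    NF == 0 || /^#/ { next }
    NF != 2 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { fail("bad line " NR) }
    { o = $1 + 0; d = $2 + 0 }          # normalise, so 01000 and 1000 match
    # Two accounts landing on one UID would silently merge file ownership.
    (o in seen_old) { fail("old UID listed twice: " o) }
    (d in seen_new) { fail("final UID assigned twice: " d) }
    # The parking range must not overlap any real UID, old or new.
    o >= base + 0 || d >= base + 0 { fail("UID >= temp base, line " NR) }
    {
        seen_old[o]; seen_new[d]
        if (o != d) { n++; src[n] = o; dst[n] = d }   # unchanged UIDs need no work
    }
    END {
        if (bad) exit 1
        fmt = "find %s -xdev -uid %d -exec chown -h %d {} +\n"
        print "# phase 1: park every old UID in the unused temporary range"
        for (i = 1; i <= n; i++) printf fmt, root, src[i], base + i
        print "# phase 2: move each parked UID to its final value"
        for (i = 1; i <= n; i++) printf fmt, root, base + i, dst[i]
    }'
}

# Constructed sample map: 1000 and 1001 trade places, 1002 stays put.
sample_map() { printf '%s\n' '1000 1001' '1001 1000' '1002 1002'; }

sample_map | plan_uid_swap 60000
```

The generator refuses a map that assigns one final UID to two accounts or that reaches into the parking range, which are the two ways overlapping numbers hand one user's files to another.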