On Mon, Nov 28, 2016 at 11:04:53AM +0100, Hauke Fath wrote:
On Sun, 27 Nov 2016 19:16:56 -0700, Leonid Isaev wrote:
But out of curiosity, why is it difficult to change user IDs on all files? I assume that you control the storage? Isn't it just a chown -R away? For example, for our NIS passwd/shadow map we use 6-digit IDs...
Because... users have files
- on their NFS home - on public NFS shares - on a partition of the local harddrive (and not necessarily limited to one machine) - on their home on the web server - on their home on the mailserver - on their home on the computing cluster
all of which makes a change of user and group id slightly more involved than a 'chmod -R'. Nothing that couldn't be done, mind you, given enough round tuits - both for me and my users.
As I said, it would have to be either a flag day (deploy a script with old-new mapping to all machines involved, lock out users, shut down services, run script), or piecemeal change (negociate time slot with user, log them out, annoy other users because you have to temporarily disable imap and smtp services, run said script). Both would need to be planned, communicated and negociated, and so take more time than I have.
OK, if this is not an option, then I you have few options, but all of the suck: 1. Just go over your /etc/passwd, /etc/group etc. and manually assign UID/GID to systemd* users. The hope is that packages won't install new users. Also, put /usr/lib/sysusers.d in a version control, so you can track changes. And of course, change your login.defs appropriately. Systemd won't read it, but other programs might. 2. If this is too hackish for you, then override files in /usr/lib/sysusers.d/ by copying them to /etc/sysusers.d and putting fixed UIDs there. Of course, /etc/passwd et all need to be fixed manually, as above. 3. Rebuild systemd with a proper login.defs... Keep in mind though, that new stable releases of systemd are almost always broken in one way or another... 4. Reopen the bugreport mentioned in this thread and try to bring LP back to earth. Good luck with that though, in my experience it is impossible :) If I were you, I'd choose (1) but create every new user in a high-numbered IDs, so hopefully in some time, you can drop the hack. HTH, -- Leonid Isaev GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4 C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D