Synchronize UID/Group across systems

I have a FreeBSD file server where my user id is 1001. I am also the only user other than root in the wheel group. I have several Linux clients (I have root access on all of them) where I have user accounts (same name) with user ids of 1000. I use NFS mount to connect the various clients to the file server. These different numbers are causing permissions issues that are driving me crazy.

The question: I would like to change my UID and group ID on the FreeBSD server to 1000. I am thinking either usermod or editing /etc/user and /etc/group manually. My Spidey sense tells me that doing something like that will blow something up or at the least lock me out next time I try to ssh over to the server.

Could someone please advise how I should go about setting things to right?
 
To begin with: Normal boring NFS does not have an ID translation mechanism, neither for the identity itself (you can't have user "fred" be 500 on the server and 1000 on the client), nor for the files and directories (if a file says that it's owned by 500 on the server, it will be owned by 500 on the client). If you want one user to have a particular ID on one NFS participant (client or server), that user will have to have the same ID on clients and server, otherwise confusion will rule supreme and you will go insane (been there, done that, not pretty).

OK, I found this thread: https://forums.freebsd.org/threads/52910/
It seems that if I change the username I just need to update the ownership of the home directory.
Yes, you need to first edit /etc/passwd and /etc/group (don't do that directly, use vipw) and make sure your user has all the same user and group ID numbers on all systems. Since you have multiple Linux clients where you are 1000, the path of least resistance is to change the single FreeBSD server to have 1000 there too.

The problem is that I don't want to change the ownership, just the underlying IDs associated with the user and the matching group id.
Sorry, this is not Burger King, you can't have it your way! Every file has an associated user and group ID, which is simply transported without modification by NFS. If a file is owned by 1001 on your server, then the clients will see it as owned by 1001, and there is nothing you can do about that (other than by using more complex file sharing mechanisms that have built-in ID translation mechanisms). If you want things to work "normally", then you better make sure that the user/group ID numbering (which is stored in /etc/passwd and /etc/group) exactly matches the actual ownership of files and directories.

So I fear the second step is unavoidable: Log out as the affected user (because weird things will happen if you have a running process whose numeric ID to name mapping suddenly changes), log in as root, change /etc/passwd and /etc/group, and then do the following: Find all the files/directories owned by 1001 (most likely that is exactly the home directory and stuff underneath it), and change it. That's most easily done with chown, which you can use with the "-R" flag to do a whole directory tree at once, and to change both user and group simultaneously. Most likely, you need just a single command, something like chown -R user:group /home/foo, done.

If you want to find all other files owned by that user, and if you fear that they have spread in strange places in the file system hierarchy (which can happen), the easy but time-consuming way is to run find / \( -user 1001 -o -group 1001 \) -print, save the output in a file, and go have a coffee (or a long lunch, on a big system this might run for many hours).
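
Added example (not part of the original thread): a shell function for the re-ownership step described above. It remaps the numeric UID and GID independently, so a file owned by the old UID but a different group keeps that group, and its default plan mode only lists what would change. The name remap_ids, its plan/apply modes and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: remap_ids is a hypothetical helper, not a system command.
# Usage: remap_ids OLD_UID NEW_UID OLD_GID NEW_GID ROOT [plan|apply]
# Run as root after editing the passwd/group databases, with the user logged out.
remap_ids() {
    old_uid=$1; new_uid=$2; old_gid=$3; new_gid=$4; root=$5; mode=${6:-plan}
    for id in "$old_uid" "$new_uid" "$old_gid" "$new_gid"; do
        case $id in
            ''|*[!0-9]*) echo "remap_ids: IDs must be numeric" >&2; return 2 ;;
        esac
    done
    [ -d "$root" ] || { echo "remap_ids: $root is not a directory" >&2; return 2; }

    if [ "$mode" = apply ]; then
        # UID and GID are changed separately, so a file owned by OLD_UID with
        # group wheel keeps group wheel. -h changes a symlink itself instead of
        # its target; -xdev keeps find off other mounted filesystems.
        find "$root" -xdev -uid "$old_uid" -exec chown -h "$new_uid" {} +
        find "$root" -xdev -gid "$old_gid" -exec chgrp -h "$new_gid" {} +
        return
    fi

    # Plan mode: change nothing, print one line per affected entry.
    find "$root" -xdev -uid "$old_uid" -exec printf 'chown -h %s %s\n' "$new_uid" {} \;
    find "$root" -xdev -gid "$old_gid" -exec printf 'chgrp -h %s %s\n' "$new_gid" {} \;
    # Entries already owned by the target IDs become indistinguishable from the
    # remapped ones afterwards, so review them first.
    find "$root" -xdev \( -uid "$new_uid" -o -gid "$new_gid" \) \
        -exec printf 'already-owned: %s\n' {} \;
    # Linux clears setuid/setgid bits on chown, even for root; list such files
    # so the bits can be restored deliberately after the change.
    find "$root" -xdev -type f \( -uid "$old_uid" -o -gid "$old_gid" \) \
        \( -perm -4000 -o -perm -2000 \) -exec printf 'setid: %s\n' {} \;
}
```

For the IDs in this thread the plan call would be remap_ids 1001 1000 1001 1000 /home; adding apply as the sixth argument performs the change.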
 
Ok, I fixed it. Not elegantly, but effectively:
  1. For safety, I ssh'd into the server and made 2 new users (just in case) that were both members of wheel, e.g. dave1, dave2
  2. (On creation I manually set dave1 to have a UID of 1000 which also means the group id of the dave1 group is also 1000.)
  3. I changed the name of the original user (dave) that has the correct name but UID of 1001 to dave_old.
  4. Then I changed the name of dave1 to dave. (Now dave has the correct UID)
  5. Then I deleted the original dave group. (GID 1001)
  6. Then I changed the name of the dave1 group to dave (GID 1000)
  7. Then I logged out and made sure I could log in under the "new" dave and su to the root user. (success!)
  8. Then I went back and deleted dave_old, dave2 and the dave2 group.
  9. I also had to change the name of the home directory to match the remaining user otherwise you get a little message about it on login.

Another reference to this problem concerning NFS: section 4 under this page http://www.troubleshooters.com/linux/nfs.htm
Another very helpful site: http://www.bsdguides.org/2004/managing-usersgroups-with-pw/
And you will likely need "user group mod help" for some hints on the commands.
 