[ale] Changing UID of a user

Thomas Stromberg lists at stromberg.org
Sun May 7 06:54:29 EDT 2006


On 7 maj 2006, at 04.12, Keith Hopkins wrote:

>   The biggest 'gotcha' will depend on how you store your  
> passwords.  If you do it directly in /etc/passwd (not recommended),  
> then yes, your method should work fine and dandy.  If you store  
> them elsewhere, like in a shadow file (standard on most Linux  
> distros), then those security files also need updating.

If you are changing the uid number, then the shadow file will not  
need updating. They use the username as a reference. Changing the uid  
number in /etc/passwd is actually a pretty safe activity, and is what  
usermod does. I typically edit /etc/passwd directly, since it's such  
a pain for me to remember the usermod syntax for each UNIX version  
I'm dealing with.

>   Next will be any applications that depend on the UID in the  
> password file, instead of the username.  I can't think of any apps  
> offhand that do that, but you never know...

This unfortunately can happen, but is very very rare. If it's a  
system or application account, then it could be a remote concern.  
Some apps have been known to hardcode their uid# into a file as a  
sanity check and complain loudly if it does not match up. If it's a  
normal user account, it should not be an issue. Here are some other  
caveats:

* For the user being changed, make sure they are logged out and no  
processes are running. Things may get weird with the below step if  
there are running processes.
* For each uid being changed, you will need to re-assign the uid  
for each file on the filesystem to the new one:

    sudo find / -user 501 -exec chown thomas {} \;

This looks for any files still associated with uid 501, and  
re-assigns them to the current uid for thomas (find+exec is slow, btw).  
If you have remote filesystems mounted, you may or may not want to  
restrict your find command to the local filesystem. I recommend  
starting at / so that you don't miss out on any files outside of the  
user's home directory, such as: /tmp, /var/tmp, /Library/Caches (Mac  
OS X).  Once all of the files have been re-assigned, you can safely  
log back in as that user, and everything should be hunky dory. Enjoy!

// Thomas Strömberg
// http://toadstool.se/
// +1 678 773 9475
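
A more defensive form of the find/chown step in the message above, as an added example that is not part of the original post. The function names `reown_uid` and `list_setid` are hypothetical; it lists before changing anything, stays on one filesystem, and does not follow symlinks.

```shell
#!/bin/sh
# Added example: re-own files after a UID change. Function names are hypothetical.

# reown_uid OLD_UID NEW_UID [START_DIR] [list|apply]
#   list  (default): print every path still owned by OLD_UID, change nothing
#   apply: chown those paths to NEW_UID (needs root)
reown_uid() {
    old_uid=$1; new_uid=$2; start=${3:-/}; mode=${4:-list}
    for n in "$old_uid" "$new_uid"; do
        case $n in
            ''|*[!0-9]*) echo "reown_uid: UIDs must be numeric" >&2; return 2 ;;
        esac
    done
    # -user with a number matches the numeric owner when no account has that
    # name, which is the case for the old UID once /etc/passwd is edited.
    # -xdev keeps find on the filesystem holding START_DIR (skips NFS etc.).
    case $mode in
        list)
            find "$start" -xdev -user "$old_uid" -print ;;
        apply)
            # chown -h changes a symlink itself, never the file it points to.
            # "{} +" batches paths into few chown calls instead of one per file.
            find "$start" -xdev -user "$old_uid" -exec chown -h "$new_uid" {} + ;;
        *)
            echo "reown_uid: mode must be list or apply" >&2; return 2 ;;
    esac
}

# list_setid OLD_UID [START_DIR]
# Regular files owned by OLD_UID that carry a setuid or setgid bit. Linux
# clears these bits on chown, so record them before running "apply".
list_setid() {
    case $1 in
        ''|*[!0-9]*) echo "list_setid: UID must be numeric" >&2; return 2 ;;
    esac
    find "${2:-/}" -xdev -user "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}
```

Because of `-xdev`, run it once per local mount point (for example `/`, `/home`, `/var`) rather than once from `/`.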






