[opensuse] Can uids be mapped?
Hi,
Assume a filesystem A in which "user" has uid 500.
Assume another filesystem B in which "user" has uid 1000
They belong to different suse installs in the same machine.
Is there a method to mount B so that files with uid=500 appear to have uid=1000?
NFS perhaps? I haven't seen it in the manual.
Changing the physical uids is not valid: that would render the linux system of filesystem A inoperable.
--
Cheers,
Carlos Robinson
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 19 April 2008 12:08:43 Carlos E. R. wrote:
Hi,
Assume a filesystem A in which "user" has uid 500.
Assume another filesystem B in which "user" has uid 1000
They belong to different suse installs in the same machine.
Is there a method to mount B so that files with uid=500 appear to have uid=1000?
NFS perhaps? I haven't seen it in the manual.
Changing the physical uids is not valid: that would render the linux system of filesystem A inoperable.
How so? Just change the uid in one of the installs so they both match, then do a chown. How would that render it inoperable?
NFSv4 has idmapd, but I think it will be tricky to get it to work on the same machine
Other than that, I'm not aware of anything for native linux file systems.
Anders
The Saturday 2008-04-19 at 12:24 +0200, Anders Johansson wrote:
Changing the physical uids is not valid: that would render the linux system of filesystem A inoperable.
How so? Just change the uid in one of the installs so they both match, then do a chown. How would that render it inoperable?
Because it is thousands and thousands of files and can not be done in a pinch. Plus the backups that can not be changed. System B is actually my factory install.
NFSv4 has idmapd, but I think it will be tricky to get it to work on the same machine
I can't find any reference to "idmapd" in the nfs manuals :-?
Ah, it is an independent daemon.
[...]
The documentation is useless! There is no example of mapping:
EXAMPLES
    An example /etc/idmapd.conf file:

    [General]
    Verbosity = 0
    Pipefs-Directory = /var/lib/nfs/rpc_pipefs
    Domain = localdomain

    [Mapping]
    Nobody-User = nobody
    Nobody-Group = nobody
Only the "nobody" can be mapped! The man reads:
    The variables allowed in the Mapping section are Nobody-User and Nobody-Group, which have the same effect as the -U and -G commandline options.
So it is useless...
Other than that, I'm not aware of anything for native linux file systems.
I'm sure the need has come more than once, but I don't know of a tool for doing it.
--
Cheers,
Carlos E. R.
man:exports(5)
"User ID Mapping"
all_squash
    Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.
??
jdd
--
Jean-Daniel Dodin
Président du CULTe
www.culte.org
The Saturday 2008-04-19 at 13:02 +0200, jdd sur free wrote:
man:exports(5)
"User ID Mapping"
all_squash Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.
??
I need to map a normal user, not the anonymous one.
--
Cheers,
Carlos E. R.
On Saturday 19 April 2008 12:37:45 Carlos E. R. wrote:
The Saturday 2008-04-19 at 12:24 +0200, Anders Johansson wrote:
Changing the physical uids is not valid: that would render the linux system of filesystem A inoperable.
How so? Just change the uid in one of the installs so they both match, then do a chown. How would that render it inoperable?
Because it is thousands and thousands of files and can not be done in a pinch.
find . -uid 500 -exec chown 1000 {} \;
[...]
Only the "nobody" can be mapped! The man reads:
The variables allowed in the Mapping section are Nobody-User and Nobody-Group, which have the same effect as the -U and -G commandline options.
So it is useless...
You are very quick to brand something useless when you have no idea what it is
idmapd can map between different sets of users, using several different mapping methods. I agree the docs aren't very extensive, but here is a web page describing how to do it using ldap
http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html
I still don't think you will find it easy to use this - or any other method - on your local system. Using different uids on a single machine is just not a very good idea
Use the above find command, and be done with it
Anders
The Saturday 2008-04-19 at 13:23 +0200, Anders Johansson wrote:
Because it is thousands and thousands of files and can not be done in a pinch.
find . -uid 500 -exec chown 1000 {} \;
How do you do that on DVD backups? I'll probably do that someday. I did it for the minor users, a year ago, but not the main one.
[...]
Only the "nobody" can be mapped! The man reads:
The variables allowed in the Mapping section are Nobody-User and Nobody-Group, which have the same effect as the -U and -G commandline options.
So it is useless...
You are very quick to brand something useless when you have no idea what it is
If the method is not documented, it is as if it doesn't exist for me. It is useless to me.
idmapd can map between different sets of users, using several different mapping methods. I agree the docs aren't very extensive, but here is a web page describing how to do it using ldap
http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html
No, I can't use ldap.
I still don't think you will find it easy to use this - or any other method - on your local system. Using different uids on a single machine is just not a very good idea
Tell SUSE, not me!
SuSE configured the users UIDs to start on 500 some years ago. Then _they_ changed the default to start at 1000. So installs made on different years are different.
I'm sure I'm not the first one to be in this predicament, having to use files created under a different user. The current procedure is to copy over the files and change the UID.
--
Cheers,
Carlos E. R.
On 2008/04/19 14:15 (GMT+0200) Carlos E. R. apparently typed:
SuSE configured the users UIDs to start on 500 some years ago. Then _they_ changed the default to start at 1000. So installs made on different years are different.
Since first encountering this several years ago I've never let any non-ubuntu installer create normal users. After install is done I create group 1000 manually, then create users with a script that sets specific gid and uid for each desired user.
--
"Either the constitution controls the judges, or the judges rewrite the constitution." Judge Robert Bork
Team OS/2 ** Reg. Linux User #211409
Felix Miata *** http://fm.no-ip.com/
The Saturday 2008-04-19 at 08:30 -0400, Felix Miata wrote:
On 2008/04/19 14:15 (GMT+0200) Carlos E. R. apparently typed:
SuSE configured the users UIDs to start on 500 some years ago. Then _they_ changed the default to start at 1000. So installs made on different years are different.
Since first encountering this several years ago I've never let any non-ubuntu installer create normal users. After install is done I create group 1000 manually, then create users with a script that sets specific gid and uid for each desired user.
I agree. But if you try to create users with a UID of 500 in SUSE you get a warning, because UIDs that "low" are reserved for the system. However, 500 was the default some years back.
--
Cheers,
Carlos E. R.
On Saturday 19 April 2008 07:15:01 am Carlos E. R. wrote:
find . -uid 500 -exec chown 1000 {} \;
How do you do that on DVD backups?
It seems that is not one of your best days. When you need more IDs for system services (users) then you have to increase the default. BTW, 1000 is default for quite some time. Did DVDs exist when 500 was in use?
I'll probably do that someday. I did it for the minor users, a year ago, but not the main one.
Now is a good time to change the main one too, as chance that number of services that use system ID (below 1000) will not decrease with time.
--
Regards, Rajko
http://en.opensuse.org/Portal needs helpful hands.
The Saturday 2008-04-19 at 08:08 -0500, Rajko M. wrote:
On Saturday 19 April 2008 07:15:01 am Carlos E. R. wrote:
find . -uid 500 -exec chown 1000 {} \;
How do you do that on DVD backups?
It seems that is not one of your best days.
Nop :-)
When you need more IDs for system services (users) then you have to increase the default. BTW, 1000 is default for quite some time. Did DVDs exist when 500 was in use?
I don't remember. Version 7.3 definitely used 500. I don't remember when they changed, but I used CD backups back then.
I'll probably do that someday. I did it for the minor users, a year ago, but not the main one.
Now is a good time to change the main one too, as chance that number of services that use system ID (below 1000) will not decrease with time.
Probably... Sigh.
However, same problem: I would then need a procedure to map the UIDs on the CDs/DVDs. I can't believe nobody has invented one. The no map situation is/was fine in the old days with data centers with a single computer using timesharing for dozens or hundreds of users. Nowadays... a method should exist.
--
Cheers,
Carlos E. R.
look for "map_static" that seems to solve your problem, my net link is awful these days (my modem is out of use and I await for a replacement)
jdd
--
Jean-Daniel Dodin
Président du CULTe
www.culte.org
On Sat, Apr 19, 2008 at 5:15 AM, Carlos E. R. wrote:
SuSE configured the users UIDs to start on 500 some years ago. Then _they_ changed the default to start at 1000. So installs made on different years are different.
True, but you can override this. Of course this requires foresight and planning and often in the rush to get a new machine up, this is overlooked. Been there, done that.
I'm sure I'm not the first one to be in this predicament, having to use files created under a different user. The current procedure is to copy over the files and change the UID.
You can find a least impact route by changing those machines that affect only one user (or as few as possible) with the methods mentioned in this thread.
[rant mode on] This is why I never recommend nfs, even for all linux shops (which, among my customer base are rare). There _MIGHT_ be a tiny performance hit for using samba/cifs as your file share platform but it saves you from this nonsense of requiring universal UID/GID plans. It works well in all linux shops as well as mixed shops. [/rant]
--
----------JSA---------
The Saturday 2008-04-19 at 13:26 -0700, John Andersen wrote:
On Sat, Apr 19, 2008 at 5:15 AM, Carlos E. R. wrote:
SuSE configured the users UIDs to start on 500 some years ago. Then _they_ changed the default to start at 1000. So installs made on different years are different.
True, but you can override this. Of course this requires foresight and planning and often in the rush to get a new machine up, this is overlooked. Been there, done that.
Yes, I have it overridden as my UID is 500. But I'm not sure it is wise, as anytime suse could try to add a system user with uid 500.
I'm sure I'm not the first one to be in this predicament, having to use files created under a different user. The current procedure is to copy over the files and change the UID.
You can find a least impact route by changing those machines that affect only one user (or as few as possible) with the methods mentioned in this thread.
But you can not change backups!
[rant mode on] This is why I never recommend nfs, even for all linux shops (which, among my customer base are rare). There _MIGHT_ be a tiny performance hit for using samba/cifs as your file share platform but it saves you from this nonsense of requiring universal UID/GID plans. It works well in all linux shops as well as mixed shops. [/rant]
Yes, there is something in what you say. But does samba support the full set of linux file permissions and ownership? I believe it doesn't.
Plus, I usually find samba more difficult to setup, compared to nfs. Too many options and pitfalls.
In any case, I simply mentioned nfs because I had heard somewhere that it can remap users. It seems this is so, but it is not documented.
I don't really care how the remapping is done, nfs or whatever. There should be a local filesystem mount able to do that, perhaps using the kernel "device-mapper" thing.
--
Cheers,
Carlos E. R.
On Sat, Apr 19, 2008 at 1:50 PM, Carlos E. R. wrote:
Yes, there is something in what you say. But does samba support the full set of linux file permissions and ownership? I believe it doesn't.
How can it not. It lives under the kernel. It has no choice.
Plus, I usually find samba more difficult to setup, compared to nfs. Too many options and pitfalls.
Defaults are fine for almost every use. The only thing I ever change is to force Group Permissions on new files and directories created by clients.
In any case, I simply mentioned nfs because I had heard somewhere that it can remap users. It seems this is so, but it is not documented.
I've been in this place before. Conversion carefully planned when upgrading a server. Just use nfs from the old server and copy to new. GAK!! UIDs all hozed.
I don't really care how the remapping is done, nfs or whatever. There should be a local filesystem mount able to do that, perhaps using the kernel "device-mapper" thing.
There is also a way to run a daemon which does the remaps for you but it's a huge kluge, worse than Samba, and requires constant attention as users come and go.
Samba allows you to create the user accounts in their workstation and the server without regard to UIDs, and when files move back and forth they get the right permissions with no coordination of UIDs.
Note there is another setting somewhere in yast where you can set the range of UIDs and GIDs and it won't change. But you still have to remember to coordinate between workstations and server. So you end up having to coordinate two machines each time a new machine is added or a user account is added. It's a mess.
Samba is easier in my opinion. I've done it many times. I've long since sworn off NFS.
--
----------JSA---------
Anders Johansson wrote:
find . -uid 500 -exec chown 1000 {} \;
it's not that easy, if you have several users, can be managed for <10, after more difficult, not possible at all if several distros are involved on the lan
jdd
--
Jean-Daniel Dodin
Président du CULTe
www.culte.org
The Saturday 2008-04-19 at 20:01 +0200, jdd sur free wrote:
Anders Johansson wrote:
find . -uid 500 -exec chown 1000 {} \;
it's not that easy, if you have several users, can be managed for <10, after more difficult, not possible at all if several distros are involved on the lan
And you may have to move to a temporary uid like 50000 and then back to an unused one below, if you need to do reordering...
--
Cheers,
Carlos E. R.
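The reordering problem raised in the message above, as an added example that is not part of the original thread: a Python planner that orders the per-uid find/chown passes so that no pass merges two users' files, parking a uid on a temporary one only when the mapping contains a cycle such as a swap. It assumes the mapping lists every uid that changes and that the temporary uid (50000, the figure used in the message) is unused on the filesystem; `-xdev` and `chown -h` are additions so each pass stays on one filesystem and changes symlinks themselves rather than their targets.

```python
#!/usr/bin/env python3
"""Order `find ... -exec chown` passes for renumbering several uids at once."""
import shlex


def plan_passes(mapping, temp_base=50000):
    """Return ordered (from_uid, to_uid) passes for mapping {old_uid: new_uid}.

    A pass X -> Y is only safe once Y is no longer waiting to be moved itself;
    otherwise both users' files end up under Y and can no longer be told apart.
    When only cycles remain (e.g. 500 <-> 1000), one uid is parked on a
    temporary uid that is assumed to be unused on the filesystem.
    """
    pending = {old: new for old, new in mapping.items() if old != new}
    if len(set(pending.values())) != len(pending):
        raise ValueError("two source uids map to the same target uid")
    reserved = set(pending) | set(pending.values())
    passes, temp = [], temp_base
    while pending:
        # Sources whose target uid is not owned by anyone still to be moved.
        ready = sorted(old for old, new in pending.items() if new not in pending)
        if ready:
            for old in ready:
                passes.append((old, pending.pop(old)))
            continue
        # Only cycles are left: break one by parking its lowest uid.
        while temp in reserved:
            temp += 1
        reserved.add(temp)
        old = min(pending)
        passes.append((old, temp))
        pending[temp] = pending.pop(old)
    return passes


def find_commands(passes, root="."):
    """Render each pass as a find/chown command line (printed, not executed).

    -xdev keeps find on the starting filesystem; chown -h changes a symlink
    itself instead of following it to a target outside the tree.
    """
    quoted = shlex.quote(root)
    return [
        f"find {quoted} -xdev -uid {old} -exec chown -h {new} {{}} +"
        for old, new in passes
    ]


if __name__ == "__main__":
    # Constructed mapping: one plain move plus a swap between 500 and 1000.
    demo = {500: 1000, 1000: 500, 501: 1001}
    for line in find_commands(plan_passes(demo), "/mnt/b"):
        print(line)
```

On Linux, chown clears the setuid and setgid bits of files it changes, so list any such files before running the passes and restore their modes afterwards.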
search for "map_static" if ever somebody could make it work :-(
jdd
--
Jean-Daniel Dodin
Président du CULTe
www.culte.org
The Saturday 2008-04-19 at 20:35 +0200, jdd sur free wrote:
search for "map_static" if ever somebody could make it work :-(
Where? I have no idea what is that.
--
Cheers,
Carlos E. R.
Carlos E. R. wrote:
The Saturday 2008-04-19 at 20:35 +0200, jdd sur free wrote:
search for "map_static" if ever somebody could make it work :-(
Where? I have no idea what is that.
Google is your friend. My internet connection is very bad (50% off!!) due to a failing modem, so my way to search is difficult, but there was a map_static nfs option
jdd
--
Jean-Daniel Dodin
Président du CULTe
www.culte.org
jdd sur free wrote:
Anders Johansson wrote:
find . -uid 500 -exec chown 1000 {} \;
it's not that easy, if you have several users, can be managed for <10, after more difficult, not possible at all if several distros are involved on the lan
There's no substitute for proper planning and implementation. In a unix world, you pick one uid per user and stick with it. If you allow random uncontrolled growth of your environment and user base, you end up with a mess, and the longer you wait to fix it, the messier it gets.
Joe
The Saturday 2008-04-19 at 11:53 -0700, Joe Sloan wrote:
jdd sur free wrote:
Anders Johansson wrote:
find . -uid 500 -exec chown 1000 {} \;
it's not that easy, if you have several users, can be managed for <10, after more difficult, not possible at all if several distros are involved on the lan
There's no substitute for proper planning and implementation. In a unix world, you pick one uid per user and stick with it. If you allow random uncontrolled growth of your environment and user base, you end up with a mess, and the longer you wait to fix it, the messier it gets.
Ok, you tell that to the developers, who changed the lowest UID from 500 to 1000.
--
Cheers,
Carlos E. R.
Carlos E. R. wrote:
The Saturday 2008-04-19 at 11:53 -0700, Joe Sloan wrote:
jdd sur free wrote:
Anders Johansson wrote:
find . -uid 500 -exec chown 1000 {} \;
it's not that easy, if you have several users, can be managed for <10, after more difficult, not possible at all if several distros are involved on the lan
There's no substitute for proper planning and implementation. In a unix world, you pick one uid per user and stick with it. If you allow random uncontrolled growth of your environment and user base, you end up with a mess, and the longer you wait to fix it, the messier it gets.
Ok, you tell that to the developers, who changed the lowest UID from 500 to 1000.
Yeah that did affect some people, but I didn't even notice, since I never accept the random default uids anyway.
Joe
Carlos E. R. wrote:
Hi,
Assume a filesystem A in which "user" has uid 500.
Assume another filesystem B in which "user" has uid 1000
They belong to different suse installs in the same machine.
Is there a method to mount B so that files with uid=500 appear to have uid=1000?
NFS perhaps? I haven't seen it in the manual.
Changing the physical uids is not valid: that would render the linux system of filesystem A inoperable.
-- Cheers, Carlos Robinson
Carlos,
I ran into this problem with remote backup from a Mandriva machine to a SuSE box. Mandrake starts its regular uid's at 500 and SuSE at 1000. I never solved the uid map issue, but the uid of the data files wasn't of extreme importance since mapping gid for file access was my main concern. I finally just got to the point that to provide user access to the remote backup, if required, I would simply chown to allow group access to what was needed.
It looks like the consensus is what Anders proposed. Here is an applicable site. It discusses NIS, but the concept is the same.
http://linux.about.com/od/lna_guide/a/gdelna111.htm
--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
participants (8)
- Anders Johansson
- Carlos E. R.
- David C. Rankin
- Felix Miata
- jdd sur free
- Joe Sloan
- John Andersen
- Rajko M.