How do I enforce consistent uid/gid's across cluster, including legacy servers?

asked 2014-09-18 20:10:37 -0600

hesco

updated 2014-09-18 20:19:13 -0600

The question was presented on the IRC channel this afternoon. This post is intended to show how I answered that question for our company's network. The script below is how I implemented the advice which balder offered on the IRC channel to this question.

I have found that it is better to bite the bullet and enforce consistent uid/gid's across the cluster, including on the legacy servers, than to struggle against the issues presented by a failure to do so.

-- Hugh Esco YMD Partners LLC

# cat user/files/root/lib/perl/update_uid_gid.pl 

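#!/usr/bin/env perl
use strict;
use warnings;

my $user = $ARGV[0];
use lib qw{ local/lib/perl5 };
# use File::Find;

# Canonical login => uid/gid assignments for the whole cluster.
my %users = (
       'pinto' => 121,
        'ceph' => 122,
       'mysql' => 123,
    'postgres' => 124,
  'ymdbackups' => 1001,
        'tmux' => 1003,
      'drupal' => 1004,
      'deploy' => 1005,
       'hesco' => 2001,
         'moe' => 2002,
       'larry' => 2003,
       'curly' => 2005,
);

# Reverse map (uid => login); kept for reference, not used below.
my %uid = (
        121 => 'pinto',
        122 => 'ceph',
        123 => 'mysql',
        124 => 'postgres',
       1001 => 'ymdbackups',
       1003 => 'tmux',
       1004 => 'drupal',
       1005 => 'deploy',
       2001 => 'hesco',
       2002 => 'moe',
       2003 => 'larry',
       2005 => 'curly',
);

if( defined( $user ) ){
  fix_legacy_uid_gid( $user );
} else {
  my @users = keys %users;
  foreach my $user ( @users ){
    next if( $user eq 'hesco' );
    fix_legacy_uid_gid( $user );
  }
}

exit;

sub fix_legacy_uid_gid {
  my $user = shift;

  # Only act on logins listed in %users; this also keeps arbitrary
  # command-line input out of the commands run below.
  die "unknown user: $user\n" unless exists $users{$user};
  my $id = $users{$user};

  # Look the account up by exact name instead of grepping /etc/passwd,
  # which would also match substrings of other entries.
  my @pw = getpwnam( $user );
  unless( @pw ){
    warn "no such account on this host: $user\n";
    return;
  }
  my $HOME = $pw[7];

  # Re-own the user's files while they still carry the old uid.
  # chown -h changes a symlink itself, not the file it points to.
  # List-form system() passes arguments without going through a shell.
  system( '/usr/bin/find', $HOME, '-user', $user,
          '-exec', '/bin/chown', '-h', "$id:$id", '{}', '+' );
  system( '/usr/sbin/usermod', '-u', $id, $user );
  system( '/usr/sbin/groupmod', '-g', $id, $user );
  system( '/bin/ls', '-alht', $HOME );
  system( '/usr/bin/touch', "$HOME/.fix_legacy_uid_gid_done" );

}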
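
A read-only pre-flight check that could be run on each host before a script like the one above, as an added example that is not part of the original post. It reports which accounts need a change and which target ids are already held by another account or group, a case in which usermod and groupmod refuse the change unless told to allow duplicates. The %want subset, the helper names and the sample passwd/group lines are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Target ids: a subset of %users from the post.
my %want = ( mysql => 123, postgres => 124, deploy => 1005, larry => 2003 );

# Constructed sample lines; on a real host read /etc/passwd and /etc/group.
my @passwd = (
  'mysql:x:105:110:MySQL:/var/lib/mysql:/bin/false',
  'postgres:x:124:124:PostgreSQL:/var/lib/postgresql:/bin/bash',
  'deploy:x:1001:1001::/home/deploy:/bin/bash',
  'olduser:x:1005:1005::/home/olduser:/bin/bash',
);
my @group = ( 'mysql:x:110:', 'postgres:x:124:', 'deploy:x:1001:',
              'olduser:x:1005:', 'staff:x:123:' );

# Parse name:x:id:... lines into (name => id) and (id => first name seen).
sub index_db {
  my ( %id_of, %held_by );
  for my $line ( @_ ){
    my ( $name, undef, $id ) = split /:/, $line;
    next unless defined $id && $id =~ /^\d+$/;
    $id_of{$name} = $id;
    $held_by{$id} //= $name;
  }
  return ( \%id_of, \%held_by );
}

# Return one report line per wanted account; changes nothing on the host.
sub audit {
  my ( $want, $passwd, $group ) = @_;
  my @dbs = ( [ 'uid', index_db( @$passwd ) ], [ 'gid', index_db( @$group ) ] );
  my @report;
  for my $user ( sort keys %$want ){
    my $target = $want->{$user};
    my @notes;
    for my $db ( @dbs ){
      my ( $kind, $id_of, $held_by ) = @$db;
      my $have  = $id_of->{$user};
      my $owner = $held_by->{$target};
      if    ( !defined $have )   { push @notes, "$kind: no entry" }
      elsif ( $have == $target ) { push @notes, "$kind: ok" }
      elsif ( defined $owner )   { push @notes, "$kind: $target already held by $owner" }
      else                       { push @notes, "$kind: change $have -> $target" }
    }
    push @report, "$user: " . join( '; ', @notes );
  }
  return @report;
}

print "$_\n" for audit( \%want, \@passwd, \@group );
```

Any line reporting an id as already held needs the conflicting account or group moved first, since files owned by that id would otherwise change hands along with the renumbering.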