pete@brillig.umd.edu (Pete Cottrell) (04/26/89)
In response to the question of organization-wide uids by Keith Farvis in v7n211, several people have raised some good points about some of the issues involved and some directions that should be followed. This message is in more of a practical vein, of our experience with having done it. Several years ago, as the U of Md. Computer Science Department got more and more Sun systems up using NFS, we realized that we needed to unify our uids. This wasn't at the university level, but at that time we did have to deal with about 800 user accounts on 65-70 machines. To keep the story short, Chris Torek wrote two programs. The first read every password file, reassigned uids and then produced mapping files for each password file. The second program would then use this mapping file to scribble on the raw disk, changing the uids. While this might seem scary, we didn't have any real problems (Chris doesn't mess around!). The same software ran on VAXen, Suns, a Pyramid and a Data General. Map files were written in network byte order for portablility. The software also unified our gids. The whole process was fairly quick - a precautionary dump of a Sun with a 105MB disk and then the subsequent 'zap' would take about 20-25 minutes. The whole process is described in more detail in a short paper I wrote in the proceedings of the 1st USENIX Large Installation System Administrators Workshop. We have bundled all of the software together, included some programs to maintain a master group file, programs to rewrite the lastlog and quota files after a zap, etc. We gave it to some other sites and they used it with success. No one has asked for it in a long time, but I could dust it off and make it available if there is interest. As others have said, there are many issues to consider if you are planning on doing this. Doing this university wide is much more complicated than our departmental effort. But if you decide to go through with it, you might want to at least take a look at what we did. It might save some time and effort. If you are interested, send mail to: pete@mimsy.umd.edu uunet!mimsy!pete