User ID (UID) and Group ID (GID) not changing on NSS volumes

  • 3006795
  • 23-Jun-2006
  • 27-Apr-2012

Environment

Novell Open Enterprise Server (Linux based) Support Pack 2

Situation

After changing the User ID (UID) or Group ID (GID) of a LUM-enabled user or group, the NSS file system does not reflect the correct ownership.
Steps to reproduce:

Create a new user and LUM-enable them. john got a UID of 601.

Created a file called novell on my NSS volume /media/nss/VOL1

Did a "chown john novell" to change the owner

"ll /media/nss/VOL1" shows owner of novell as john

"ll -n /media/nss/VOL1" shows the owner of novell as 601

Changed the UID of john in iManager to 1000

command "id john" will show UID of 601

The namcd cache needs to be reset; see step 1 in the resolution below.

command "id john" will show UID of 1000 now

"ll /media/nss/VOL1" shows owner of novell as 601 when it should be john

"ll -n /media/nss/VOL1" shows the owner as 601 when it should be 1000

If I dismount and remount the volume it makes no difference.

Restarting eDirectory does not make a difference.

ResetIDCache does not make a difference.

Rebooting the server does make it work correctly with the 1000 UID.

Resolution

There are three pieces to this issue, namcd, NCP, and NSS.

1. The namcd cache is what needs to be updated when the change is made to the UID via iManager.
"id USERNAME" and seeing the new UID.  Make sure your LUM modules are updated post OES SP2; you need a version greater than novell-lum-2.2.0-63.

2. The NCPServer idMapping cache by default will refresh every 30 minutes. There is not a manual way to force this without rebooting.

3. The NSS NDS cache can be reset by typing "nsscon", then "ResetIDCache", then "exit" to exit the nsscon utility. The ResetIDCache happens by default every 90000 seconds (25 hours). This is configurable inside of nsscon with "IDCacheResetInterval".
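
The following shell function is an added example, not part of the original article or any Novell tooling. It tells you which side of the UID change is still stale: the name lookup (step 1) or the ownership reported on the volume (steps 2 and 3). The function name `check_uid_change` and its result labels are hypothetical; the user, old UID and directory are supplied by the caller.

```shell
#!/bin/sh
# Added example: classify where a UID change is still stale.
# Usage: check_uid_change USER OLD_UID DIR
#   USER    - the LUM-enabled user whose UID was changed (e.g. john)
#   OLD_UID - the numeric UID the user had before the change (e.g. 601)
#   DIR     - a directory on the affected volume (e.g. /media/nss/VOL1)
check_uid_change() {
    user=$1 old_uid=$2 dir=$3

    # Reject anything that is not a plain decimal UID or a real directory.
    case $old_uid in
        ''|*[!0-9]*) echo "usage-error"; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "usage-error"; return 2; }

    # What the name service (namcd on OES) currently returns for the user.
    cur_uid=$(id -u "$user" 2>/dev/null) || { echo "unknown-user"; return 2; }

    # Resolution step 1: the lookup still answers with the old UID.
    if [ "$cur_uid" = "$old_uid" ]; then
        echo "namcd-stale"
        return 1
    fi

    # Resolution steps 2 and 3: the lookup is current, but at least one file
    # under DIR is still reported with the old numeric owner.
    stale=$(find "$dir" -user "$old_uid" -print 2>/dev/null | head -n 1)
    if [ -n "$stale" ]; then
        echo "volume-stale"
        return 1
    fi

    echo "consistent"
    return 0
}
```

For the scenario above, `check_uid_change john 601 /media/nss/VOL1` should print `consistent` only once all three caches have picked up the new UID.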