HOWTO change LUM uid or gid

  • 7016038
  • 07-Jan-2015
  • 08-Jan-2015

Environment

Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

There are users or groups on the local host whose uid or gid match those of LUM-enabled users or groups in eDirectory.  This can happen when a third-party application picks a specific uid/gid for its own purpose without checking what is already in use, when someone manually creates a user or group in YaST, and so on.

Duplicate uids or gids can cause anomalies when accessing the system or system resources (e.g. the home directory, other directories and files).

Resolution

The best way to change a LUM enabled user's or group's id number is via iManager.

For users:
  • Launch and authenticate to iManager.
  • Select "Users"->"Modify User" from the left pane.
  • In the right pane, enter or browse (spyglass) the user you want to change.
  • Click on the "Linux Profile" tab.
  • Next to the "User ID" field, click the "Modify" button.
    This will obtain the next uid to use and assign it to the current user.
  • Click "Apply" or "OK" to save.

For groups it is a similar process:

  • Launch and authenticate to iManager.
  • Select "Groups"->"Modify Group" from the left pane.
  • Enter or browse for the group you want to change.
  • Click the "Linux Profile" tab.
    Near the bottom of the page is the "Properties" section.
  • To change the gid, click the "Select next available ID" link next to the "Group ID:" field.
  • Click "OK" or "Apply" to save.

Finally, if you want to change which uid or gid will be assigned next, modify the Unix Config object (for LUM) and set "Last Assigned User ID" or "Last Assigned Group ID" to a value above the currently last assigned ID but far enough below the maximum (uamPosixUidNumberEnd or uamPosixGidNumberEnd, respectively) to leave room for future assignments.  For further information, please see Modifying a Unix Config object.

Additional Information

Here are some guidelines you will want to consider before changing a LUM uid or gid:
  1. Permissions on non-NSS filesystems may be incorrect.
    If the user impacted by the uid or gid change has previously logged into the server via ssh, a terminal or a GUI session, a home directory will have been created as /home/username.  It will contain a number of files and folders, all of which are owned by the previous uid and the primary group's previous gid.  These are not updated automatically; they need to be updated manually with chown.

  2. It will take some time for the changes to be recognized on the various servers.
    The namcd cache has a default lifetime of 28,800 seconds, or 8 hours.  (This is defined in /etc/nam.conf as persistent-cache-refresh-period.)  You will need to either wait for the persistent-cache-refresh-period to expire or run namconfig cache_refresh to update the cache.

    Additionally, there exists an NCPServer idMapping cache.  This cache is refreshed every 30 minutes.  The only way to update this sooner is to reboot the server.

    Finally, there exists an NSS-NDS cache.  This can be reset by:
    • launch nsscon
    • at the nsscon prompt run ResetIDCache
    • exit nsscon
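As an added example (not part of this TID), a shell helper for guideline 1 above: it scans one local filesystem for files still owned by the old uid or gid, reports them, and re-owns them to the new ids.  The scan root and the old/new id numbers are assumed inputs; it runs as a dry run unless APPLY=1 is set, and the -uid/-gid/-h options assume GNU find/chown as shipped on OES Linux.

```shell
#!/bin/sh
# Added example: re-own files left behind on a non-NSS filesystem (e.g. /home)
# after a LUM uid/gid change.  Dry run by default; APPLY=1 performs the chown.

# Print every entry under $1 (one filesystem only) still owned by uid $2 or gid $3.
list_stale() {
    find "$1" -xdev \( -uid "$2" -o -gid "$3" \) -print
}

# Count stale entries; run before and after the remap to confirm nothing is missed.
count_stale() {
    list_stale "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Remap ownership: root old_uid new_uid old_gid new_gid.
# The uid and gid are changed independently, so a file owned by the old user
# but some other group only gets its uid changed, and vice versa.
remap_ids() {
    root="$1"; old_uid="$2"; new_uid="$3"; old_gid="$4"; new_gid="$5"
    if [ "${APPLY:-0}" = "1" ]; then
        # -h changes symlinks themselves rather than following them into other trees.
        find "$root" -xdev -uid "$old_uid" -exec chown -h "$new_uid" {} +
        find "$root" -xdev -gid "$old_gid" -exec chgrp -h "$new_gid" {} +
        echo "remaining stale entries: $(count_stale "$root" "$old_uid" "$old_gid")"
    else
        echo "DRY RUN: would chown uid $old_uid -> $new_uid, gid $old_gid -> $new_gid under $root"
        list_stale "$root" "$old_uid" "$old_gid"
    fi
}

# Typical use on the OES host, as root, after changing the ids in iManager
# (the old ids come from your notes or from 'ls -ln /home/username'):
#   remap_ids /home 1001 1042 1001 1042          # dry run, review the list
#   APPLY=1 remap_ids /home 1001 1042 1001 1042  # apply
# Then refresh the namcd cache so the new ids are seen: namconfig cache_refresh
```

Run the dry run first and review the list; a user whose files end up owned by an unmapped uid after the cache refresh will lose access to their own home directory.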