[6217] in Release_7.7_team
Re: Low UIDs and GIDs
daemon@ATHENA.MIT.EDU (Michael R. Gettes)
Mon Feb 23 11:05:35 2009
Cc: release-team@mit.edu
Message-Id: <72CD4B2E-A27D-4FE3-A648-F788E3779D8C@mit.edu>
From: "Michael R. Gettes" <gettes@MIT.EDU>
To: Jonathan Reed <jdreed@mit.edu>
In-Reply-To: <E830C2C0-2C1E-4443-AB82-285D7C28B339@mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 23 Feb 2009 10:58:28 -0500
X-Spam-Flag: NO
X-Spam-Score: 0.00
My apologies for my delayed response to this...
My read from your reply is there is no solution unless we
crawl AFS. I am not yet seeing any other alternative so
we need to find out what it will take to solve this, yes?
One crawl of AFS to gather the info in a file or small DB
and then we can go against that for relative comfort.
/mrg
On Feb 11, 2009, at 12:06, Jonathan Reed wrote:
>> ok, so a proper response to this analysis (from me) would be "oh
>> crap".
>
> Yup.
>
>> This is quite a significant problem from a user support perspective.
>> Do we think there is some "easy-ish" mechanism we could put in place
>> to migrate users to different UIDs and hopefully deal with the
>> problems
>> as they come thru such a mechanism? Maybe a web page to "heal my
>> UID"
>> and it does all the right magic behind the scenes if the user is
>> logged
>> out of all unix instances? Maybe same thing for the GIDs?
>
> I believe the answer is "No, not really", since while we can easily
> change the UID, and mostly easily fix permissions in the user's
> locker, we can't easily crawl AFS and find every instance of a
> directory with that PTS ID on it and fix it, as well as fixing the
> owner/group of the files themselves. Nor do I think can we leave it
> to the users to fix it every time they encounter something in AFS
> they used to be able to access but no longer can.
>
> It may be that the majority of these users don't have much in AFS
> outside their homedir, but we can't know that until we crawl AFS,
> for which we currently lack a tool (ops' "janitor" can, in theory,
> be modified).
>
> -Jon
>
