Step 5. Change the UID number
Use the chuser command to change the UID for the user
brian to UID 3504 (originally it was 404).
At this point, the brian UID and testgroup GID have been
changed on the system. You can run the id brian command
to see the new UID and GID.
Listing 7. id brian output
id brian
uid=3504(brian) gid=5001(testgroup) groups=1(staff)
You are not yet done. If you run an ls -al command in the
user's home directory, you quickly see a problem.
Listing 8. ls output for user's home directory
ls -al /home/brian
drwxr-xr-x  5 404 402 4096 2009-04-08 09:12 .
drwxr-xr-x 10 bin bin  256 2007-03-01 15:06 ..
-rw-r--r--  1 404 402   10 2007-02-07 13:22 .kshrc
-rwxr-----  1 404 402  291 2007-02-07 13:22 .profile
-rw-------  1 404 402  438 2010-11-10 11:40 .sh_history
As you can see, where the user and group are normally
displayed, you now only see the previous UID and GID
numbers displayed (404 and 402). If the user brian logged
in to the system, he would no longer be the owner of these
files. This is because the system stores the UID and GID
number for the owner and group on each file rather than
storing a user or group name. In the next step, you will fix
this.
Step 6. Fix user and group ownership for all files on the system
In this step, you fix the user and group ownership for
all files on the system. This is done by running two find
commands which search for all files with the previous
UID and GID. For each file found that meets one of these
criteria, the file is updated with the new user and group
ownership.
Listing 9. find commands to fix ownership
find / -group 402 -exec chgrp -h testgroup {} \;
find / -user 404 -exec chown -h brian {} \;
Once these commands are completed, the user and group
ownerships are corrected for all files on the system for the
testgroup group and the brian user. If you run an ls -al
command on the brian user's home directory, you can
confirm this.
Automating the process
The previous steps took time to complete, and you only
changed the UID and GID for a single user and group. If
your environment has dozens of AIX servers and each
server has dozens of users and groups, it becomes very
obvious that manually changing all UIDs and GIDs is not
practical.
I have written a Perl script that automates this process. You
supply the script with two input files: a file that contains
the updated UID information, and a file that contains the
updated GID information.
In the UID file, you list out two columns of information per
line. The first column has the new UID that you want set,
and the second column has the account name. The GID file
is similar. The first column has the new GID that you want
set, and the second column has the group name.
Listing 10 below shows the contents of these files.
Listing 10. Contents of UID and GID files
cat uid.txt
3500 megan
3501 todd
3502 app_user
cat gid.txt
5000 app_group
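A dry-run check for a UID file in the two-column format above, added here as an example (it is not the author's Perl script): it compares each line against passwd-format data and reports what would change, which accounts are absent, and where the requested UID is already held by another account. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's Perl script): dry-run check of a
# "NEWUID NAME" mapping file against passwd-format data. Prints a plan only.
# plan_uid_changes and demo_plan are hypothetical helper names.

plan_uid_changes() {
    # $1 = mapping file, $2 = passwd-format file (name:pw:uid:...)
    awk '
        FILENAME == ARGV[1] {            # passwd data: index both directions
            split($0, f, ":")
            uid_of[f[1]] = f[3]; owner_of[f[3]] = f[1]
            next
        }
        NF == 0 || $1 ~ /^#/ { next }    # ignore blank and comment lines
        {
            new = $1; name = $2
            if (NF != 2 || new !~ /^[0-9]+$/) {
                print "INVALID line " FNR ": " $0
            } else if (!(name in uid_of)) {
                print "SKIP " name " (no such account)"
            } else if (uid_of[name] == new) {
                print "SAME " name " " new
            } else if ((new in owner_of) || (new in claimed)) {
                # Conservative: flagged even if the holder is renumbered too.
                who = (new in owner_of) ? owner_of[new] : claimed[new]
                print "CONFLICT " name " wants " new " held by " who
            } else {
                claimed[new] = name
                print "CHANGE " name " " uid_of[name] " -> " new
            }
        }
    ' "$2" "$1"
}

demo_plan() {
    d=$(mktemp -d) || return 1
    # Constructed passwd-format sample; the mapping lines are from Listing 10.
    printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' \
        'megan:!:210:1::/home/megan:/usr/bin/ksh' \
        'app_user:!:215:1::/home/app_user:/usr/bin/ksh' \
        'batch:!:3502:1::/home/batch:/usr/bin/ksh' > "$d/passwd"
    printf '%s\n' '3500 megan' '3501 todd' '3502 app_user' > "$d/uid.txt"
    plan_uid_changes "$d/uid.txt" "$d/passwd"
    rm -rf "$d"
}
```

On a live system, pass /etc/passwd as the second argument. A CONFLICT line matters because two accounts sharing one UID also share ownership of every file stamped with that number.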
If the script finds a line in the UID or GID file for a user or
group that does not exist on the system, the line is simply
skipped. This makes it easy to create a list of all users and
groups across all systems and create a single UID and GID
file that could be used to standardize the UIDs and GIDs
on any one of your systems, even if each system doesn’t
have the same users or groups. Also, if the script runs and
detects that the current UID or GID on the system for a user
or group is the same as the desired UID/GID from the input