change user ID

What is the best way to go about changing a user’s ID, whilst ensuring all their files and app configurations remain the same? Or ultimately in this scenario, changing the ID but keeping the same username and later transitioning the data into a fresh home user directory?

I have accounts on three machines all with my same username, but on my main laptop I am user ID 1000 whilst on the other two I am 1001. Since I hotplug an external drive into these machines I want to change to 1001 on the laptop to ease file transfer operations without always having to change file ownership rights, but I think this might be more complicated than it first seems.

I have a second user account set up on the laptop that I sometimes use for testing things, though this account was already occupying ID number 1001 so I wanted to first change that to something else. I just upgraded to openSUSE 12.3 by formatting / and keeping /home. After install, I went into YaST, re-added this user (same username) and changed the ID to 1010. It prompted that there was already a home directory using that name and asked if I wanted to change its ownership, so I clicked Yes. Now I’m a bit confused. When logging in to that account, I can see and access all that user’s personal files, which also show as being owned by that username, though the desktop and programs (e.g. Dolphin, Firefox) have not picked up the old settings and default to a fresh user. Is everything in that directory really owned by the same user now, and what would have happened if I’d clicked No?

I want to clarify this before I deal with my main user account. For that, since I have accumulated updated configurations of applications through many releases and some things aren’t optimal, I would like to create a new user in parallel, gradually set up everything afresh in the DE and apps, and then move all the remaining app-agnostic data across and remove the old account, effectively keeping the same username but with a new user ID. I’ll have to pick a different username initially or rename the old account. Any advice?

On 2013-04-01 15:16, gumb wrote:

Yes, the Unix feature of using UUID numbers instead of names is a
problem when using multiple computers.

> I have a second user account set up on the laptop that I sometimes use
> for testing things, though this account was already occupying ID number
> 1001 so I wanted to first change that to something else. I just upgraded
> to openSUSE 12.3 by formatting / and keeping /home. After install, I
> went into YaST, re-added this user (same username) and changed the ID to
> 1010. It prompted that there was already a home directory using that
> name and asked if I wanted to change its ownership, so I clicked Yes.

The procedure is correct, but may not be enough.

> Now I’m a bit confused. When logging in to that account, I can see and
> access all that user’s personal files, which also show as being owned by
> that username, though the desktop and programs (e.g. Dolphin, Firefox)
> have not picked up the old settings and default to a fresh user. Is
> everything in that directory really owned by the same user now, and what
> would have happened if I’d clicked No?

The problem, I guess, is that KDE uses some temporary files on other
directories, like /tmp and perhaps others under /var/something. Those
have to be changed as well, but YaST only changed /home/someuser.

The procedure is a find and change on the entire filesystem. Something
like this:


su -
cd /
find . -uid 500 -print0 | tee registro | xargs -0 chown 1000


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

I can sort of understand some of this command but can you clarify how this breaks down? Is ‘registro’ just your name for a temporary file for the results of find? On the one hand I should probably do this to be sure there are no 1001 user ID files on the system prior to creating a new user with that ID. However, I also wonder if that could corrupt some things now since apps will find two sets of configurations in the temp folders for that ID number. It’s something that should have been done before I logged back in to that account.

I think the procedure how to do this is quite clear, but as you did several things, it might be much more difficult to find out what the situation is now. The more because your description is a bit vague (maybe out of necessity).

In any case all changes must be done while the user is NOT LOGGED IN at all. And I am afraid that your description is not clear enough about that.

On 2013-04-01 16:56, gumb wrote:
> robin_listas;2543417 Wrote:
>> su -
>> cd /
>> find . -uid 500 -print0 | tee registro | xargs -0 chown 1000
>
> I can sort of understand some of this command but can you clarify how
> this breaks down? Is ‘registro’ just your name for a temporary file for
> the results of find?

Yep, just that. And it is in Spanish. I simply copied the line from my
notes, I used that exact line years ago, and I did not bother to
translate. :-)

find is a complicated command, with a long man page. It simply finds
recursively any file starting at the current directory (the dot). If it
has an uid of 500 it prints it to the output as a null terminated string
(see man find, search for -print0, for the exact explanation). The
output goes to a pipe that first saves it to a file (the tee) then sends
again to another pipe. The last command on the line creates a new
command line using the string it gets on the output as the last string
in the command line and executes it.

The tee section is not needed at all, it is just that I wanted to see
the list later.

> On the one hand I should probably do this to be
> sure there are no 1001 user ID files on the system prior to creating a
> new user with that ID. However, I also wonder if that could corrupt some
> things now since apps will find two sets of configurations in the temp
> folders for that ID number. It’s something that should have been done
> before I logged back in to that account.

As Henk says, neither the source nor the target users can be logged in
while you do that.

You can check in the “/etc/passwd” file which UIDs are in use. If in
doubt, change users to any other unused UID, like 2001, then back to
whatever you want.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

@hcvv I was logged in as the main user when I changed the ID in YaST for the test user. Likewise, I shall be logged in as the test user when I come to make the changes for the main user.

@robin_listas Thanks for the explanation. I might use the first two parts of your command just to monitor if anything shows up under the old 1001 ID.

Sounds good. But I would go further and probably run in runlevel 1 (no users) and then use the console (there is nothing else) to execute my planned task.

On 2013-04-01 18:26, hcvv wrote:
> Sounds good. But I would go further and probably run in runlevel 1 (no
> users) and then use the console (there is nothing else) to execute my
> planned task.

That’s a bit excessive unless you may have network users ;-)

To be a bit picky, runlevel 3 is fine, or level 2 to disable network.
But if there are no network users, runlevel 5 is just fine: you create
first a new user, say UID 5000, and work with that one.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

it makes sense to exclude pseudo-filesystems like /proc etc. Either explicitly do “find / -mount …”, “find /home -mount …” per each mounted filesystem or “find . \( -path ./sys -o -path ./proc -o -path ./dev \) -prune -o …”

On 2013-04-02 05:26, arvidjaar wrote:
> robin_listas;2543417 Wrote:
>> su -
>> cd /
>> find . -uid 500 -print0 | tee registro | xargs -0 chown 1000
>
> it makes sense to exclude pseudo-filesystems like /proc etc. Either
> explicitly do “find / -mount …”, “find /home -mount …” per each
> mounted filesystem or “find . \( -path ./sys -o -path ./proc -o -path
> ./dev \) -prune -o …”

Ah, yes, you are right.

AFAIK, when I did the above, I changed to “/home”, then ran that script.
Then changed to “/data”, ran it again. Repeated on every directory where I
have user files, which are several in my system.

Ah, but it has to be run on /tmp and some other temporaries in /var, too.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
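
The points made in the posts above (stay on one filesystem per run, keep the list that tee saves, do nothing while the user is logged in, and check first that the target UID owns no files) combined into one script. This is an added example, not any poster's script; it assumes GNU find, xargs and chown, the function names are made up here, and `chown -h` is an addition so that symbolic links are re-owned themselves rather than followed.

```shell
#!/bin/sh
# Added example, not code from the thread. UIDs and roots are caller-supplied;
# list_owned, count_owned and reown are names invented for this sketch.

# list_owned UID ROOT...  -> NUL-separated paths owned by UID.
# -xdev (GNU also accepts -mount) keeps find on each ROOT's own filesystem,
# so starting at / never descends into /proc, /sys or /dev.
list_owned() {
    lo_uid=$1; shift
    find "$@" -xdev -uid "$lo_uid" -print0
}

# count_owned UID ROOT...  -> number of matching paths (counts the NULs).
count_owned() {
    list_owned "$@" | tr -dc '\000' | wc -c | tr -d ' '
}

# reown OLD NEW LOG ROOT...
# returns 1 if OLD still has processes, 2 if NEW already owns files in a ROOT.
reown() {
    old=$1; new=$2; log=$3; shift 3
    if ps -U "$old" -o pid= 2>/dev/null | grep -q .; then
        echo "UID $old still has running processes; log that user out" >&2
        return 1
    fi
    n=$(count_owned "$new" "$@")
    if [ "$n" -ne 0 ]; then
        echo "UID $new already owns $n path(s); resolve the clash first" >&2
        return 2
    fi
    # chown -h changes a symlink itself, never its target: a link left in
    # /tmp must not let this root-run command re-own a file somewhere else.
    list_owned "$old" "$@" | tee "$log" | xargs -0 -r chown -h "$new"
}

# Typical run as root, one ROOT per filesystem that holds user files
# (the log path is an assumption; the roots are the ones named in the thread):
#   reown 1000 1001 /root/reown-1000.log /home /tmp /var/tmp
#   tr '\0' '\n' < /root/reown-1000.log | less
```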

Carlos E. R. wrote:

> On 2013-04-01 18:26, hcvv wrote:
>> Sounds good. But I would go further and probably run in runlevel 1 (no
>> users) and then use the console (there is nothing else) to execute my
>> planned task.
>
> That’s a bit excessive unless you may have network users ;-)
>
> To be a bit picky, runlevel 3 is fine, or level 2 to disable network.
> But if there are no network users, runlevel 5 is just fine: you create
> first a new user, say UID 5000, and work with that one.

Sure glad someone asked this question - I was just about to ask it myself.
In this case, when setting up a clone I managed to swap the UID of 2 users -
don’t ask how as it’s a long, sad tale - so the intermediate user route was
required to swap them but your simple script with minor mods worked fine
once I managed to update /etc/passwd.

Thanks for the help - even if someone else did do the asking.


Will Honea

That may be your conclusion, but it is not mine.
I am not trying to protect against network users, or even local users in the first place. I try to protect against the most dangerous person, the system manager.

As long as one does not understand that being the system manager is the most dangerous thing to do to your system, you will not understand these precautions I like to take.

On 2013-04-02 09:36, hcvv wrote:
>
> robin_listas;2543605 Wrote:
>>
>> That’s a bit excessive unless you may have network users ;-)
>>
> That may be your conclusion, but it is not mine.
> I am not trying to protect against network users, or even local users
> in the first place. I try to protect against the most dangerous person,
> the system manager.
>
> As long as one does not understand that being the system manager is the
> most dangerous thing to do to your system, you will not understand
> these precautions I like to take.

What does that have to do with switching to runlevel 1? The system
manager is the only one that can login in level 1, so he still can do
damage… :-?


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

I guess you never will really understand. It is a way to prevent all those things you forget to think about. It is the attitude of only using the minimum that is needed. It is the attitude of not trying to think how far can I go to the border, but how far can I stay away from the border.

It is the same attitude most of us will show (but I often doubt if they really live up to it) when it is about “only become root when strictly needed” against those that now and then show up here and say “I do not make mistakes and after all it is my own system”.

Thus I go for runlevel 1, and lock the room when I walk away to the toilet, and so on and so on.
And nevertheless every few years I will blunder.