[gpfsug-discuss] Change uidNumber and gidNumber for billions of files

Tue Jun 9 07:53:00 BST 2020

Hi Lohit (hey Jim & Christof),

  Whilst you _could_ trawl your entire filesystem, flip uids and work
out how to successfully replace ACL ids without actually pushing ACLs
(which could break defined inheritance options somewhere in your file
tree if you had not first audited your filesystem) the systems head in
me says:

"We are planning to migrate from LDAP to AD, and one of the best
solution was to change the uidNumber and gidNumber to what SSSD or
Centrify would resolve."
Here's the problem: to what SSSD or Centrify would resolve

I've done this a few times in the past in a previous life.  In many
respects it is easier (and faster!) to remap the AD side to the uids
already on the filesystem.
E.G. if user foo is id 1234, ensure user foo is 1234 in AD when you move
your LDAP world over.
Windows ldifde utility can import an ldif from openldap to take the
config across.
Automation or inline munging can be achieved with powershell or python.

I presume there is a large technical blocker which is why you are
looking at remapping the filesystem?

Best,

Jez

On 09/06/2020 03:52, Christof Schmitt wrote:
> If there are ACLs, then you also need to update all ACLs 
> (gpfs_getacl(), update uids and gids in all entries, gpfs_putacl()),
> in addition to the chown() call.
>  
> Regards,
>  
> Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
> christof.schmitt at us.ibm.com  ||  +1-520-799-2469    (T/L: 321-2469)
>  
>  
>
>     ----- Original message -----
>     From: Jim Doherty <jjdoherty at yahoo.com>
>     Sent by: gpfsug-discuss-bounces at spectrumscale.org
>     To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
>     Cc:
>     Subject: [EXTERNAL] Re: [gpfsug-discuss] Change uidNumber and
>     gidNumber for billions of files
>     Date: Mon, Jun 8, 2020 5:57 PM
>      
>      
>     You will need to do this with chown from the  c library functions 
>     (could do this from perl or python).   If you try to change this
>     from a shell script  you will hit the Linux command  which will
>     have a lot more overhead.     I had a customer attempt this using
>     the shell and it ended up taking forever due to a brain damaged
>     NIS service :-).   
>      
>     Jim 
>      
>     On Monday, June 8, 2020, 2:01:39 PM EDT, Lohit Valleru
>     <valleru at cbio.mskcc.org> wrote:
>      
>      
>     Hello Everyone,
>      
>     We are planning to migrate from LDAP to AD, and one of the best
>     solution was to change the uidNumber and gidNumber to what SSSD or
>     Centrify would resolve.
>      
>     May I know, if anyone has come across a tool/tools that can change
>     the uidNumbers and gidNumbers of billions of files efficiently and
>     in a reliable manner?
>     We could spend some time to write a custom script, but wanted to
>     know if a tool already exists.
>      
>     Please do let me know, if any one else has come across a similar
>     situation, and the steps/tools used to resolve the same.
>      
>     Regards,
>     Lohit
>     _______________________________________________
>     gpfsug-discuss mailing list
>     gpfsug-discuss at spectrumscale.org
>     http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>     _______________________________________________
>     gpfsug-discuss mailing list
>     gpfsug-discuss at spectrumscale.org
>     http://gpfsug.org/mailman/listinfo/gpfsug-discuss 
>
>  
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss

-- 
*Jez Tucker*
VP Research and Development | Pixit Media
e: jtucker at pixitmedia.com <mailto:jtucker at pixitmedia.com>
Visit www.pixitmedia.com <https://www.pixitmedia.com>

-- 
 <https://twitter.com/PixitMedia>  
<https://www.linkedin.com/company/pixitmedia>

<https://www.pixitmedia.com/>

This email is confidential in that it is 
intended for the exclusive attention of the addressee(s) indicated. If you 
are not the intended recipient, this email should not be read or disclosed 
to any other person. Please notify the sender immediately and delete this 
email from your computer system. Any opinions expressed are not necessarily 
those of the company from which this email was sent and, whilst to the best 
of our knowledge no viruses or defects exist, no responsibility can be 
accepted for any loss or damage arising from its receipt or subsequent use 
of this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200609/2180c05a/attachment-0002.htm>