[vox-tech] Can a username be changed?

ME vox-tech@lists.lugod.org
Sun, 9 Feb 2003 13:58:58 -0800 (PST)


Using vipw or some other tool for editing /etc/passwd is a way to do this.

Be careful in this. Some potential "gotchas":

Often home dirs are named after the username. It is a good idea to alter
name of home dir to match new username. Some scripts may do things
"improperly" and do a `whoami` and use this for paths, or assume username
matches /home/<dirname> when doing shell looped shell scripts...

(Hey kids, don't try this at home)
# cd /home
# for i in * ; do chown ${i}.${i} $i ; done

Also, you may want to grep their homedir "dotfiles" for refs to their old
username. Some apps will record the user's home dir in env vars and store
them in ~/.some.dot.file

If users share apps and have asked others to symlink to stuff they had in
their old dir, then relative links from outside their dir will be broken,
and all absolute path links will be busted.

If you installed other tools that use db generated with the
adduser/useradd scripts, then any username db may "get out of sync" by
changing username.

Cron jobs (username based)

If you have filesharing setup with absolute paths (not relative or username
resolvable like samba and netatalk's ~/ or $HOME), then consider changing
those too.

Any .htaccess files that ref specific users by name instead of "require
valid-user" and unwisely use /etc/passwd (most of the time this is not
wise) will need to be changed.

/var/spool/mail/username ? consider a mail alias and move for new name.

Entries in /etc/groups should be global searched and replaced to new uid.

As you write, ensure /etc/shadow matches (vipw will likely ask you if you
want to edit shadow after you edit passwd if you made changes and are using
shadow passwords.)

You may want to consider locating files owned by them or named with their
username before enacting changes to help this process:

# find / -name \*USERNAME\* -print > /tmp/USERNAME.named.files.txt
# find / -user USERNAME -print > /tmp/USERNAME.user.owned.files.txt
# find / -group USERNAME -print > /tmp/USERNAME.group.owned.files.txt
# cat /tmp/USERNAME.user.owned.files.txt /tmp/USERNAME.group.owned.files.txt \
  | sort | uniq -u > /tmp/USERNAME.user.diff.group.files.txt

I'm sure there are other places to check, and hope others will fill in any
holes I have left in omission.

So you can do this - I've done it several times: just be careful and
check back occasionally with user to make sure all is happy. :-)

(Skip this last step if you are a BOFH.)

(more below)

Bill Kendrick said:
>
> Is there a way to change a user's login name under Unix?

Yes.

> Is it safe enough to simply rename their home directory and
> edit their entry in /etc/passwd and /etc/shadow?

Sometimes, but usually, no.

> Or am I dealing with dangerous powers, and would be safe enough
> creating a brand new user and deleting the old one?

You are always dealing with dangerous powers (mr "has a special
relationship with the video frame buffer") but you can manage "dangerous
powers." ;-)

-ME



-- 
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant
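
An audit sketch for the gotchas in this post that its find commands do not cover: group entries, dotfiles, symlinks, spool files and .htaccess references. This is an added example, not part of the original message; the function names, the ROOT staging argument, the spool paths and the sample tree are assumptions.

```sh
#!/bin/sh
# Pre-rename audit for references the find-by-name/owner commands miss.
# Usage: audit_rename OLDNAME [ROOT]   (ROOT may be a staging copy; default /)
audit_rename() {
    old=$1; root=${2%/}
    # /etc/group: a group named after the user, and member lists (field 4).
    if [ -r "$root/etc/group" ]; then
        awk -F: -v u="$old" '$1 == u { print "group-name:" $1 }
            { n = split($4, m, ",")
              for (i = 1; i <= n; i++) if (m[i] == u) print "group-member:" $1 }' \
            "$root/etc/group"
    fi
    # Dotfiles in the home dir that hard-code the old home path.
    if [ -d "$root/home/$old" ]; then
        find "$root/home/$old" -maxdepth 1 -type f -name '.*' \
            -exec grep -lF "/home/$old" {} + | sed "s|^$root|dotfile:|"
    fi
    # Symlinks under /home whose target passes through the old dir name.
    find "$root/home" -type l 2>/dev/null | while IFS= read -r link; do
        case $(readlink "$link") in
            */"$old"|*/"$old"/*) echo "symlink:${link#"$root"}" ;;
        esac
    done
    # Crontab and mail spool named after the login (paths are assumptions).
    for f in /var/spool/cron/crontabs/"$old" /var/spool/mail/"$old"; do
        if [ -e "$root$f" ]; then echo "spool:$f"; fi
    done
    # .htaccess files that name the user instead of "require valid-user".
    find "${root:-/}" -name .htaccess -type f \
        -exec grep -liwE "require[[:space:]]+user.*$old" {} + 2>/dev/null |
        sed "s|^$root|htaccess:|"
    return 0
}

# Constructed sample tree (not real data) so the audit runs unprivileged.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/home/alice" "$t/home/bob" "$t/var/spool/mail" "$t/var/www"
    printf 'staff:x:50:bob,alice\nalice:x:1001:\n' > "$t/etc/group"
    echo 'export PROJ=/home/alice/proj' > "$t/home/alice/.profile"
    ln -s /home/alice/bin/tool "$t/home/bob/tool"
    : > "$t/var/spool/mail/alice"
    echo 'Require user alice carol' > "$t/var/www/.htaccess"
    audit_rename alice "$t"
    rm -rf "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with `demo` as the first argument to see the report for the constructed tree; the dotfile match is a substring hint, so a hit for `/home/alice` can also come from a longer name such as `/home/alice2`.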