[vox-tech] Can a username be changed?

ME vox-tech@lists.lugod.org
Sun, 9 Feb 2003 14:15:31 -0800 (PST)


(some mistakes fixed)

ME said:
> Using vipw or some other tool for editing /etc/passwd is a way to do
> this.
>
> Be careful in this. Some potential "gotchas":
>
> Often home dirs are named after the username. It is a good idea to alter
> name of home dir to match new username. Some scripts may do things
> "improperly" and do a `whoami` and use this for paths, or assume
> username matches /home/<dirname> when doing shell looped shell scripts...
>
> (Hey kids, don't try this at home)
> # cd /home
> # for i in * ; do chown ${i}.${i} $i ; done
>
> Also, you may want to grep their homedir "dotfiles" for refs to their
> old username. Some apps will record the user's home dir in env vars and
> store them in ~/.some.dot.file
>
> If users share apps and have asked others to symlink to stuff they had
> in their old dir, then relative links from outside their dir will be
> broken, and all absolute path links will be busted.
>
> If you installed other tools that use db generated with the
> adduser/useradd scripts, then any username db may "get out of sync" by
> changing username.
>
> Cron jobs (username based)

The files are named after the username, and the control for
cron.allow/deny is username based. (I was not detailed enough here.)

> If you have filesharing setup with absolute paths (not relative or
> username resolvable like samba and netatalk's ~/ or $HOME), then consider
> changing those too.

I don't recall if samba and netatalk dynamically ref these for each
connection, or at startup from /etc/passwd. Daemons may need to be
restarted, but probably most won't.

> Any .htaccess files that ref specific users by name instead of "require
> valid-user" and unwisely use /etc/passwd (most of the time this is not
> wise) will need to be changed.
>
> /var/spool/mail/username ? consider a mail alias and move for new name.
>
> Entries in /etc/groups should be global searched and replaced to new
> uid.

Sorry. Jumbled two thoughts into one. (faulty compression routine.)
Many Linux distros use a group name that matches the username. Locate the
gid and alter that gid's group name to match the new username.

Also, if that older username is in several groups, make sure and do a
global search and replace of the old username to the new one to preserve
special group access.

> As you write, ensure /etc/shadow matches (vipw will likely ask you if
> you want to edit shadow after you edit passwd if you made changes and are
> using shadow passwords.)
>
> You may want to consider locating files owned by them or named with their
> username before enacting changes to help this process:
>
> # find / -name \*USERNAME\* -print > /tmp/USERNAME.named.files.txt
> # find / -user USERNAME -print > /tmp/USERNAME.user.owned.files.txt
> # find / -group USERNAME -print > /tmp/USERNAME.group.owned.files.txt
> # cat /tmp/USERNAME.group.owned.files.txt | sort | uniq -u > \
> /tmp/USERNAME.user.diff.group.files.txt

Big oops for last command. Changed to:
# cat /tmp/USERNAME.user.owned.files.txt \
        /tmp/USERNAME.group.owned.files.txt | sort | uniq -u > \
        /tmp/USERNAME.user.diff.group.files.txt
It tries to locate collisions in both lists and look for anomalies. This
permits you to just look at the anomalies and either the group or username
text files. (saves time)

> I'm sure there are other places to check, and hope others will fill in
> any holes I have left in omission.
>
> So you can do this - I've done it several times: just be careful and
> check back occasionally with user to make sure all is happy. :-)
>
> (Skip this last step if you are a BOFH.)
>
> (more below)
>
> Bill Kendrick said:
>>
>> Is there a way to change a user's login name under Unix?
>
> Yes.
>
>> Is it safe enough to simply rename their home directory and
>> edit their entry in /etc/passwd and /etc/shadow?
>
> Sometimes, but usually, no.
>
>> Or am I dealing with dangerous powers, and would be safe enough
>> creating a brand new user and deleting the old one?
>
> You are always dealing with dangerous powers (mr "has a special
> relationship with the video frame buffer") but you can manage "dangerous
> powers." ;-)


-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
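
An added example, not part of the original post: a read-only audit that collects the references the message lists (group entries, cron and mail files named after the user, absolute symlinks into the old home directory, dotfiles recording the old path) before a rename is made. The function names, the ROOT prefix argument, the /home/<user> layout, the two crontab directories and the sandbox contents are assumptions made for illustration.

```shell
#!/bin/sh
# audit_rename ROOT OLDUSER: list places that still reference OLDUSER.
# ROOT is "" for the live system or a sandbox directory (assumes /home/<user>).
audit_rename() {
    root=$1; user=$2; home="/home/$user"
    # /etc/group: the user's own group plus memberships in field 4.
    awk -F: -v u="$user" '{
        hit = ($1 == u); n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) hit = 1
        if (hit) print "group:" $1
    }' "$root/etc/group"
    # Files named after the user: crontabs (two common layouts), mail spool.
    for f in "/var/spool/cron/crontabs/$user" "/var/spool/cron/$user" \
             "/var/spool/mail/$user"; do
        if [ -e "$root$f" ]; then echo "named:$f"; fi
    done
    # cron.allow / cron.deny list one username per line.
    for f in /etc/cron.allow /etc/cron.deny; do
        if [ -f "$root$f" ] && grep -qxF -- "$user" "$root$f"; then echo "cronacl:$f"; fi
    done
    # Symlinks whose absolute target points into the old home directory.
    find "${root:-/}" -type l | while IFS= read -r l; do
        case $(readlink "$l") in
            "$home"|"$home"/*) echo "symlink:${l#"$root"}" ;;
        esac
    done
    # Dotfiles that recorded the old home path (/home/bob, not /home/bobby).
    for f in "$root$home"/.[!.]*; do
        if [ -f "$f" ] && grep -Eq "$home(/|[^[:alnum:]._-]|\$)" "$f"; then
            echo "dotfile:${f#"$root"}"
        fi
    done
    return 0
}

# Constructed sandbox so the audit can be tried without touching a live system.
make_sandbox() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/spool/cron/crontabs" "$d/var/spool/mail" \
             "$d/home/bob" "$d/home/bobby" "$d/home/amy"
    printf '%s\n' 'bob:x:1001:' 'staff:x:50:amy,bob' 'bobby:x:1002:' > "$d/etc/group"
    echo bob > "$d/etc/cron.allow"
    : > "$d/var/spool/cron/crontabs/bob"; : > "$d/var/spool/mail/bob"
    echo 'export PROJ=/home/bob/src' > "$d/home/bob/.profile"
    echo 'cd /home/bobby' > "$d/home/bob/.bashrc"
    ln -s /home/bob/bin/tool "$d/home/amy/tool"
    echo "$d"
}
if [ "${1:-}" = "--demo" ]; then d=$(make_sandbox); audit_rename "$d" bob; rm -rf "$d"; fi
```

Run with --demo to see the findings for the constructed user bob; on a real host, call audit_rename "" OLDUSER as root and review each line before editing /etc/passwd.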