Weblog entry #3 for kaerast
See all weblog entries made by kaerast.
#3
Renaming User Accounts
Posted by kaerast on Mon 2 Apr 2007 at 16:58
We recently had to rename a user account on a Debian Etch system. If you're thinking of doing this then stop right now, don't. It's more hassle than it's worth. However, given you're like me and really want to go ahead with it anyway may I suggest you backup /etc and /var as well as reading through the following:
Crontabs for that user will stop running. The crontab for the old username will remain in /var/spool/cron/crontabs/oldusername so can easily be copied and pasted with crontab -e and the right permissions. I'm tempted to look into bug reports for this, "crontab -u oldusername -e" returns user unknown, which is technically correct but not entirely helpful.
Gnome will stop loading. This is especially true if you move your home directory and/or change ownership. This can be fixed by changing group ownership and/or creating a symlink from the old home directory.
Apache will break. This can be fixed by editing any virtual sites running form the moved home directory, and any /~username links will need changing.
Mail will do something. We weren't running mail on either of the servers we renamed users on, but I'm fairly sure something will need doing.
MySQL usernames will be out of sync. You can manually rename the MySQL user associated with the shell account which will then break other things, or you can leave as is.
Sudo will break. This is bad. This is very bad. If you break sudo and don't have root access through any other method then you lose root access completely. If you do have root access through another method then you are ok to edit sudoers after renaming the account.
Other authentication may break. Shell accounts are often synchronised with samba, ftp servers, mail servers, ldap, nis, nfs and various other server software. This may be done directly by reading /etc/passwd or it may be done by synchronisation scripts. You need to think about what's running on your server before renaming accounts.
Crontabs for that user will stop running. The crontab for the old username will remain in /var/spool/cron/crontabs/oldusername so can easily be copied and pasted with crontab -e and the right permissions. I'm tempted to look into bug reports for this, "crontab -u oldusername -e" returns user unknown, which is technically correct but not entirely helpful.
Gnome will stop loading. This is especially true if you move your home directory and/or change ownership. This can be fixed by changing group ownership and/or creating a symlink from the old home directory.
Apache will break. This can be fixed by editing any virtual sites running form the moved home directory, and any /~username links will need changing.
Mail will do something. We weren't running mail on either of the servers we renamed users on, but I'm fairly sure something will need doing.
MySQL usernames will be out of sync. You can manually rename the MySQL user associated with the shell account which will then break other things, or you can leave as is.
Sudo will break. This is bad. This is very bad. If you break sudo and don't have root access through any other method then you lose root access completely. If you do have root access through another method then you are ok to edit sudoers after renaming the account.
Other authentication may break. Shell accounts are often synchronised with samba, ftp servers, mail servers, ldap, nis, nfs and various other server software. This may be done directly by reading /etc/passwd or it may be done by synchronisation scripts. You need to think about what's running on your server before renaming accounts.
Comments on this Entry
Posted by cparker (204.136.xx.xx) on Wed 4 Apr 2007 at 19:40
[ Send Message | View cparker's Scratchpad | View Weblogs ]
[ Send Message | View cparker's Scratchpad | View Weblogs ]
Yeah, I noticed some of these issues, too. Seems like a flaw in the designs of these programs to me. Shouldn't they be performing username lookups and just storing the user IDs, since usernames really don't mean much in *nix systems?
[ Parent | Reply to this comment ]
Posted by Anonymous (125.164.xx.xx) on Thu 5 Apr 2007 at 19:31
If you were the administrator, would you want to perform the lookups yourself and put the UID in the config file, or would you rather put a username in the config file since it's easier to read (and write)?
Now, what happens when you change the username and the old username is already in all those small configuration files in /etc?
Kaerast is right. It's not worth the trouble.
Now, what happens when you change the username and the old username is already in all those small configuration files in /etc?
Kaerast is right. It's not worth the trouble.
[ Parent | Reply to this comment ]
Posted by Anonymous (213.164.xx.xx) on Tue 10 Apr 2007 at 08:42
How did you rename the account? I've never had problems.
As long as you keep the uid the same, it should all just work.
As long as you keep the uid the same, it should all just work.
[ Parent | Reply to this comment ]
Posted by Anonymous (213.164.xx.xx) on Tue 10 Apr 2007 at 08:51
Ignore my comment. I changed the entry in passwd, then used find -uid UID to see which files needed renaming. Your article documents it :)
[ Parent | Reply to this comment ]
Posted by Anonymous (145.250.xx.xx) on Thu 5 Jul 2007 at 07:51
What about usermod?
usermod -d /home/bar -m -l bar foo
usermod -d /home/bar -m -l bar foo
[ Parent | Reply to this comment ]