× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2017

RE: Changing everyone's UID Was: NFS security

For linux at least yes. If you are using active directory (at least the
way that Centrify implements it) then the uid will match the windows
one. If you have separate signons it is easy enough to change it. I just
used these instructions last week to match linux uid/gid to windows
specifically so that I could use NFS and not have to worry about mapping
numbers.
https://www.cyberciti.biz/faq/linux-change-user-group-uid-gid-for-all-ow
ned-files/





Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Rob Berendt
Sent: Tuesday, October 31, 2017 7:41 AM
To: Midrange Systems Technical Discussion
Subject: Changing everyone's UID Was: NFS security

Due to NFS security concerns I am thinking of changing everyone's UID
on
every system to match their employee number. This sure beats opening
up
our /Banking subdirectory to QNFSANON so every Tom, Dick and Harry can
MOUNT over that EXPORTFS.

Anyone see a concern with this?

From my reading I see that the user cannot be active in any process.
And if we have any temporary employee numbers we often use an alpha
character which we'll have to use a number instead.

https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/apis/Q
SYCHGID.htm

Also, not that this affects my current project but is there some way
to set a
Windows user UID? Linux?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Rob Berendt <rob@xxxxxxxxx>
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxx>
Date: 10/31/2017 08:27 AM
Subject: Re: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Thank you. That's exactly what I am looking for.
Now comes the next project: Changing everyone's "User ID number" UID.
Stay tuned for follow up thread...


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Jack Kingsley <iseriesflorida@xxxxxxxxx>
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxx>
Date: 10/31/2017 05:27 AM
Subject: Re: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Rob, check number 3 out when you have time.
http://www-01.ibm.com/support/docview.wss?uid=nas8N1016376



On Mon, Oct 30, 2017 at 3:20 PM, Rob Berendt <rob@xxxxxxxxx> wrote:

I am talking about NFS, as in EXPORTFS and MOUNT. I am not talking
about
QNTC, NetServer and that stuff.

When I EXPORTFS a directory and some other lpar (could also be
Windows
or
Linux) does a MOUNT on this, the user associated with the access is
QNFSANON. Well, I have a problem with having to run
CHGAUT OBJ('/Banking') USER(QNFSANON) DTAAUT(*RWX)
OBJAUT(*ALL)
SUBTREE(*ALL)
to allow access to the '/Banking' directory to every Tom, Dick and
Harry
to allow NFS access between lpars.
Is there some option on EXPORTFS to say use the credentials of the
remote
user?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.