Red Hat ENTERPRISE LINUX 4 - INTRODUCTION TO SYSTEM ADMINISTRATION Administration Manual page 127

Chapter 6. Managing User Accounts and Resource Access
6.1.1.2. Dealing with Name Changes
If your organization uses a naming convention that is based on each user's name, it is a fact of life that
you will eventually have to deal with name changes. Even if a person's actual name does not change,
a change in username may from time to time be requested. The reasons can range from the user not
being satisfied with the username to the user being a senior official in your organization and willing
to use their influence to obtain a "more appropriate" username.
No matter what the reason, there are several issues to keep in mind when changing a username:
Make the change to all affected systems
•
Keep any underlying user identification constant
•
Change the ownership of all files and other user-specific resources (if necessary)
•
Handle email-related issues
•
First and foremost, it is important to make sure that the new username is propagated to all systems
where the original username was in use. Otherwise, any operating system function that relies on the
username may work on some systems and not on others. Certain operating systems use access control
techniques based on usernames; such systems are particularly vulnerable to problems stemming from
a changed username.
Many operating systems use some sort of user identification number for most user-specific processing.
To minimize the problems stemming from a username change, try to keep this identification number
constant between the new and the old username. Failure to do so often results in a scenario where the
user can no longer access files and other resources that they had previously owned under their original
username.
If the user identification number must be changed, it is necessary to change the ownership for all files
and user-specific resources to reflect the new user identification. This can be an error-prone process,
as it seems that there is always something in some forgotten corner of a system that ends up being
overlooked.
Issues related to email are probably the one area where a username change is the most difficult. The
reason for this is that unless steps are taken to counteract it, email addressed to the old username will
not be delivered to the new username.
Unfortunately, the issues surrounding the impact of username changes on email are multi-dimensional.
At its most basic, a username change means that people no longer know the correct username for
the person. At first glance, this might not seem to be such a problem — notify everyone in your
organization of the change. But what about anyone outside of your organization that has sent this
person email? How should they be notified? And what about mailing lists (both internal and external)?
How can they be updated?
There is no easy answer to these questions. The best answer may be one of creating an email alias
such that all email sent to the old username is automatically forwarded to the new username. The user
can then be urged to alert anyone who sends them email that their username has changed. As time
goes on, fewer and fewer email messages will be delivered using the alias; eventually the alias can be
removed.
While the use of aliases, at some level, perpetuates an incorrect assumption (that the user now known
as esmith is still known as ejones), it is the only way to guarantee that email reaches the proper person.
Important
If you use email aliases, be sure you take whatever steps are necessary to protect the old username
from potential reuse. If you do not do this, and a new user receives the old username, email delivery
(for either the original user or the new user) may be disrupted. The exact nature of the disruption
depends on how email delivery is implemented on your operating system, but the two most likely
symptoms are:
115