Maintaining a consistent UID for Linux users across servers both on-premise and in the cloud is a difficult problem, but critical when using shared resources like NFS that manage permissions on UIDs.
Turbot Guardrails managed Linux Users can now be configured to use a standard UID across all servers, and the UID can be based on Active Directory settings or products that provide UID synchronization. For customers using Turbot Guardrails Directories model, the linuxUid service login can be set directly from a field in the user source profile (e.g. Active Directory record) or can be calculated from those fields using a known algorithm (e.g. objectSID to UID). For special cases, Custom UIDs can also be managed through the Turbot Guardrails API and will be safely protected from duplication.
Similarly, the GID can also be set through linuxGid.
For existing customers:
- By default, there is no change. Turbot Guardrails will continue to use per-server UID and GID for users until the appropriate Directory model and Policies are set.
- Once set, Turbot Guardrails will automatically migrate the UID and GID for users - including permissions of their files.
As always, please use Turbot GuardrailsPolicies to test this change in an isolated environment first. Note: This feature requires the use of Turbot Guardrails Directories.