The Linux Standard userids can be seen at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-users-groups-standard-users.html

----------------------------------------------------------------------------------------------------

The Linux Standard groups can be seen at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-users-groups-standard-groups.html

----------------------------------------------------------------------------------------------------

               Delphion's Standard for Linux Userids and Groups

The intent is to define needed userids and the groups they belong to in a consistent manner so
for example, un-tar'd files and directories result in the same userid & group, or a ls in an
AFS directory, will be consistent across systems.

We follow the Linux standard of user name=Primary group name and user id=Primary group id.
For example, the primary group for the inst1 user (user id=201) is inst1 (group id=201).

Linux userids cannot contain uppercase characters (why the heck not?  I dunno)
AIX userids also cannot exceed 8 characters (e.g. xemployee gets truncated to xemployee).

You can use the add.AFS.ids in this directory to add common ids (check first for currency).

   User Name   User ID    Group Name  Group ID   Purpose
   =========   =======    ==========  ========   =========================================================
   ---           202      ---           202      Free to be used for whatever you'd like.
   dasusr1       203      dasusr1       203      ???
   db2as         204      db2as         204      ???

   ipnfenc1      220      ipnfenc1      220      DB2 Fence ID for the IPN Production database
 * ipnnc         221      inst1         221      Instance & Privileged DB2 Group for the IPN Production db
   devfenc1      222      devfenc1      222      DB2 Fence ID for the IPN Development database
 * devnc         223      devnc         223      Instance & Privileged DB2 Group for the IPN Development db
   sbyfenc1      224      sbyfenc1      224      DB2 Fence ID for the IPN Southbury database
 * sbync         225      sbync         225      Instance & Privileged DB2 Group for the IPN Southbury db

   ipnuser       400      ipnuser       400      Net Commerce User (Used by Kin, Edward, Santokh)
 * ipsadmin      401      ipsadmin      401      Privileged id for Verity & Web Server Worlds
   ipsrun        402      ipsrun        402      Non-privileged id & Group for Web Server Daemons
   mqm           403      mqm           403      MQ Series Userid & Group
   ---           ---      mqbrkrs       404      MQ Series Broker Group

   db2inst1      624      db2inst1      624      DB2 Instance ID for the Patent database
   db2fenc1    **625      db2fenc1    **625      DB2 Fence ID for the Patent database
 * inst1       **628      inst1       **628      Instance & Privileged DB2 Group for the Patent db

 * Denotes privileged userids and/or groups.
** We formerly had db2fenc1=200 and inst1=201, but a standard AIX 5.2 install uses UID=200 for invscout
   and UID=201 for snapp, so these got changed to what EDC uses.

----------------------------------------------------------------------------------------------------

Miscellaneous Tidbits:

To search for and find directories/files/links owned by changed userid and/or groups, try
  find / -name afs -prune -o -name proc -prune -o -user  109 -exec chown -h inst1 {} \;
  find / -name afs -prune -o -name proc -prune -o -group 104 -exec chgrp -h inst1 {} \;

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

For the privileged DB2 instances & groups (inst1, ipnnc, devnc, sbync), you can use the
   db2 get dbm cfg | grep SYSADM
you'll see something like
   SYSADM group name                        (SYSADM_GROUP) = DBADMIN1

To update,
   db2 update dbm cfg using sysadmin_group inst1

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

I'm getting away from the www (660) group because it's used for too many conflicting purposes.
  * It's the web server daemon group.
  * It's used to authenticate developers write access to particular directories.

Instead, use ipsrun (402) for any non-privileged userid & group, mostly intended for all web servers.

EDC uses the delphion (5001) group for privileged access to things, which makes sense.
  (I was considering using the ipsadmin (401) userid and group for privileged access to things,
   but this isn't what EDC did, so wasn't what I rolled out in Eagan's NIS.)

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

The db2fenc1 group  can be deleted.
The db2ipn   group  can be deleted.
The HTTPGRP  group  can be deleted.
The imnadm   userid is associated with that old IMNSearch crap.  I delete both when I find either.
The inst2adm userid can be deleted.
The lastmod  userid can be deleted.
The netinst  userid is associated with bos.compat.NetInstl.  It to can be uninstalled with
                    installp -u bos.compat.NetInstl
The nqadm    userid can be deleted.
The optiuser userid can be deleted.
The viador   userid can be deleted.

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -