|
Home > Archive > Unix administration > May 2006 > Duplicat UNIX UIDs
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Duplicat UNIX UIDs
|
|
| dnguy19@gmail.com 2006-05-18, 7:15 pm |
| Hi Everyone,
I'm starting to learn UNIX and someone told me that you can have users
with different login IDS, but have the same UID.
So for example
login ID UNIX UID
cbarkely 100
jvalencia 100
Is this possible? Is so, how does one stop this from occurring?
Any help you can provide is greatly appreciated. Thanks!
Duy
| |
| Cezary Morga 2006-05-18, 7:15 pm |
| dnguy19@gmail.com wrote:
> login ID UNIX UID
> cbarkely 100
> jvalencia 100
>
> Is this possible? Is so, how does one stop this from occurring?
I don't think so...
The person who told you this must have meant GID (Group ID) not UID (User
ID). And this does not occur by itself...
--
---
Cezary Morga
| |
| Dave Hinz 2006-05-18, 7:15 pm |
| On 18 May 2006 11:52:00 -0700, dnguy19@gmail.com <dnguy19@gmail.com> wrote:
> Hi Everyone,
>
> I'm starting to learn UNIX and someone told me that you can have users
> with different login IDS, but have the same UID.
> So for example
> login ID UNIX UID
> cbarkely 100
> jvalencia 100
> Is this possible?
Of course.
> Is so, how does one stop this from occurring?
Don't do that.
The question you're not asking, but I'll answer anyway, is that UIDs are
the only thing the OS really cares about to identify someone. The
"login ID" is just a text field, displayed for human benefit. If your
UID is 100, internally, your files are shown as owned by UID 100. They
don't care what your name is. Handy for changing names of users if they
get married or whatever, by the way.
So, if you add a second user and give them the same UID of 100, and list
their files, Unix sees the first UID 100, and gives "cbarkely" in your
example, as the owner of the file, even if jvalencia made the file.
So, don't do that. Use a tool to manage your passwd file entries, _or_,
always check to make sure that a UID isn't already assigned before
making a new entry in the passwd file, or strange things will happen.
Things get messier when you get into NIS+ or other remote accounts, or
into reusing UIDs. Short version: pick a number for a person's UID and
use it on all servers. Saves an immense amount of trouble. If they
have an employee number, pick the last 5 digits of it and use _that_ for
the UID, for instance.
| |
| Mark Rafn 2006-05-18, 7:15 pm |
| <dnguy19@gmail.com> wrote:
>I'm starting to learn UNIX and someone told me that you can have users
>with different login IDS, but have the same UID.
>login ID UNIX UID
>cbarkely 100
>jvalencia 100
>Is this possible?
In all implementations I know of, this is possible. I'm not sure any spec
requires that it be allowed, but it's not terribly uncommon. It causes no
harm unless someone doesn't realize that it's set up that way. Most utilities
that show username rather than uid will report the first name that's found
for a given ID.
>Is so, how does one stop this from occurring?
The same way you stop any other unwanted practice from occurring - don't do
it, and institute policies (people policies, not technological measures) to
keep others from doing it to you.
--
Mark Rafn dagon@dagon.net <http://www.dagon.net/>
| |
| Kevin Collins 2006-05-18, 7:15 pm |
| In article <446cc6a8@news.home.net.pl>, Cezary Morga wrote:
> dnguy19@gmail.com wrote:
>
>
> I don't think so...
> The person who told you this must have meant GID (Group ID) not UID (User
> ID). And this does not occur by itself...
Umm, if you don't know it, why answer incorrectly? It is very possible, as
others have already mentioned. Not a good idea in most cases, but people do use
this "feature"...
Kevin
--
Unix Guy Consulting, LLC
Unix and Linux Automation, Shell, PERL and CGI scripting
http://www.unix-guy.com
| |
| Barry Margolin 2006-05-19, 1:25 am |
| In article <192vj3-v6h.ln1@hydra.dagon.net>,
dagon@dagon.net (Mark Rafn) wrote:
> <dnguy19@gmail.com> wrote:
>
> In all implementations I know of, this is possible. I'm not sure any spec
> requires that it be allowed, but it's not terribly uncommon. It causes no
> harm unless someone doesn't realize that it's set up that way. Most utilities
> that show username rather than uid will report the first name that's found
> for a given ID.
>
>
> The same way you stop any other unwanted practice from occurring - don't do
> it, and institute policies (people policies, not technological measures) to
> keep others from doing it to you.
You can also make use of utilities and scripts to generate UIDs whan
adding new users, and they can ensure that the UID isn't already in use.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| |
|
| Begin <barmar-4A8910.22330518052006@comcast.dca.giganews.com>
On 2006-05-19, Barry Margolin <barmar@alum.mit.edu> wrote:
> In article <192vj3-v6h.ln1@hydra.dagon.net>,
> dagon@dagon.net (Mark Rafn) wrote:
>
> You can also make use of utilities and scripts to generate UIDs whan
> adding new users, and they can ensure that the UID isn't already in use.
Duplicate UIDs where they don't belong are a people problem, if only
because the system has no way of knowing when it's warranted and when
it's not. Whether you have technological tools deployed or not, there
will always be cases that magically slip through any technology you can
throw at the problem. And worse, the more restrictive the fences get,
the more normal work is likely to be impeded for comparatively less and
less gain in battling the problem.
Mark correctly noted that for problems where that is likely (``people
problems'') one institutes policies. Yes, technological measures can
assist, but cannot solve, in such cases.
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.
| |
| Michael Paoli 2006-05-29, 5:32 pm |
| dnguy19@gmail.com wrote:
> I'm starting to learn UNIX and someone told me that you can have users
> with different login IDS, but have the same UID.
> So for example
> login ID UNIX UID
> cbarkely 100
> jvalencia 100
>
> Is this possible? Is so, how does one stop this from occurring?
> Any help you can provide is greatly appreciated. Thanks!
Yes it's possible.
To stop it from occurring:
o Don't do it, it's generally a rather to quite bad idea.
o Many common utilities try to prevent such from occurring, at least
by default.
o Other utilities (e.g. pwck(8)) will typically detect and warn of
such an occurrence.
Most of the reasons not to do it are security related, and you'll find
lots of material on this in news:comp.security.unix and other UNIX
security references and sources.
|
|
|
|
|