
Re: Multiple usernames for single UID


From: Stephan Trebels
Subject: Re: Multiple usernames for single UID
Date: 26 May 2003 14:27:14 +0200

In my understanding there is just one user per uid.  The uid IS the user
as far as UNIX is concerned. In the Hurd you can have multiple uids for
a process, taking this a step further - still, this is number-based.

Whether this user has a passwd/NIS/netinfo/? entry or not, is only
relevant for calls like getpwuid or getpwnam.  Also there is no order of
names for an uid, so the id=>name mapping for display is undefined and
may change at any time.

All permissions in UNIX are based on the uid (I wonder what POSIX
specifies about ACLs, but I'd assume this uses names also just for ease
of entry).  I doubt very much that a task or thread will ever know
about the name that generated the uid.  This will only be in the shell
env and wtmp/utmp/lastlog logs.

Whether the login program might make a difference for the users or not,
and where, I doubt, that POSIX specifies behaviour here.  Normally you
are able to use specific login shells, home dirs, utmp/wtmp entries, but
this is relying on unspecified behaviour.  

I admit, I've also used multiple accounts with UID 0 which had different
login shells, but this needs thought and is not portable across UNIX
systems.  Also, which username will be used for display of processes,
file ownership, etc. purely depends on getpwuid semantics - IOW pure
luck.  It doesn't even have to be consistent over time (imagine a hashed
db rebuild).

I can see an application for this, but my personal opinion is to avoid
it as much as possible and use SUDO-like solutions, instead.  There are
loads of these programs available and you can execute certain logged
commands using certain privileges, which is typically enough.

Stephan

On Mon, 2003-05-26 at 13:44, Budi Rahardjo wrote:
> On Sun, May 25, 2003 at 10:20:47PM -0700, Barry deFreese wrote:
> > Yes some.  Though I have to agree with Bjorn's response.  Isn't this 
> > what groups and/or different levels of authority are for?  Shouldn't 
> > there be one true "root" and the others be more root equivalents?   I 
> > hope this doesn't come across as snide, I am merely curious.
> 
> Yes, there is only one "real" root. (eg. needed for machines that go
> into single user and need fsck.) 
> The others are merely "equivalents". I put quotes since the others 
> (equivalents) have UID 0 too.
> Having multiple admins allowed us to guard our production machines 
> 24 hours/day. We took turns staying up for our spoiled machines ;-)
> 
> Below us, there were other admins with lower levels of authority,
> eg. web programmers, or DBA, or ... what have you.
> 
> That was the practice we used when I was working for a large entity.
> Now, I work in a smaller (startup) team and continue using that
> practice.  I don't know if there is better practice or if our practice
> is flawed. At least that's where we use single UID with multiple usernames.
> (to answer the question.)
> 
> Cheers....
> -- budi
> --
> http://budi.insan.co.id
> 
> 
-- 
        Stephan Trebels <stephan@ncube.de>   Consultant
company: nCUBE Deutschland GmbH, Hanauer Str. 56, 80992 Munich, Germany
phone: cell:+49 172 8433111  office:+49 89 1498930  fax:+49 89 14989350





