[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Root user



Hi,

maybe the answers where short because it is boring,
having this thread every two months ;->>

(Btw. is there no searchable Website of this List?)

The Fact is nobody should ever think about using two
accounts with same UID.

Linux and it`s Apps are not designed to handle this.

Just think about NIS maps *.byuid ;-)
Although UID 0 should not show up there. :->=>
Also think about NSCD.
Or some Username-checking tools.....

Kernel 1.0 and it`s tools didn`t bother, but
the more Security will be involved in Linux
the less this will work.
So just forget the history, and _never_ use
two accounts with same UID.


Greetings

  Dirk





François Pinard schrieb:

[Steffen Dettmer]


* Francois Pinard wrote on Wed, Jul 09, 2003 at 10:03 -0400:

I once used to have a `root' and a `root2', both having uid 0 in
`/etc/passwd', and I used this for quite a while, and do not remember
any adverse effect.


What does this help?


Someone wrote that this was not to be recommended, yet without giving real
reasons against it.  I just wanted to say that any recommendation should be
backed by some justification.  In my case, I had good reasons to use `root'
and `root2', and saw nothing wrong with it for the time I needed it.

So far in this thread, I did not see a convincing justification yet, for
avoiding two accounts with the same UID.


It would be interesting to know, "what root" e.g. changed or created a
file, but as you stated, this is not possible this way.


If there is indeed a need to know, then of course, having two accounts for
the same UID is not acceptable.  That need does not necessarily exist.


I think this may introduce some confusion (without any positive effect I
can see) - which I would not recommend.


Or maybe, it just does not introduce any confusion for those needing it.


Maybe this is a reason: KISS (keep it simple, stupid) is a little violated
by such a configuration (which I would call uncommon and missleading,
maybe).


Uncommon, I agree.  But maybe not misleading at all.  I do not think that if
someone knows what s/he is doing (and why!), there is a real problem.

This thread is a bit amusing, as some correspondents try to guess "why", but
do not necessarily guess correctly.  They then reply to their own guesses...



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here