[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Root user


maybe the answers where short because it is boring,
having this thread every two months ;->>

(Btw. is there no searchable Website of this List?)

The Fact is nobody should ever think about using two
accounts with same UID.

Linux and it`s Apps are not designed to handle this.

Just think about NIS maps *.byuid ;-)
Although UID 0 should not show up there. :->=>
Also think about NSCD.
Or some Username-checking tools.....

Kernel 1.0 and it`s tools didn`t bother, but
the more Security will be involved in Linux
the less this will work.
So just forget the history, and _never_ use
two accounts with same UID.



François Pinard schrieb:

[Steffen Dettmer]

* Francois Pinard wrote on Wed, Jul 09, 2003 at 10:03 -0400:

I once used to have a `root' and a `root2', both having uid 0 in
`/etc/passwd', and I used this for quite a while, and do not remember
any adverse effect.

What does this help?

Someone wrote that this was not to be recommended, yet without giving real
reasons against it.  I just wanted to say that any recommendation should be
backed by some justification.  In my case, I had good reasons to use `root'
and `root2', and saw nothing wrong with it for the time I needed it.

So far in this thread, I did not see a convincing justification yet, for
avoiding two accounts with the same UID.

It would be interesting to know, "what root" e.g. changed or created a
file, but as you stated, this is not possible this way.

If there is indeed a need to know, then of course, having two accounts for
the same UID is not acceptable.  That need does not necessarily exist.

I think this may introduce some confusion (without any positive effect I
can see) - which I would not recommend.

Or maybe, it just does not introduce any confusion for those needing it.

Maybe this is a reason: KISS (keep it simple, stupid) is a little violated
by such a configuration (which I would call uncommon and missleading,

Uncommon, I agree.  But maybe not misleading at all.  I do not think that if
someone knows what s/he is doing (and why!), there is a real problem.

This thread is a bit amusing, as some correspondents try to guess "why", but
do not necessarily guess correctly.  They then reply to their own guesses...

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here