denisart benjamin2 - 13:49 26.03.14 wrote:
On 26/03/2014 13:46, Ludwig Nussel wrote:
Henne Vogelsang wrote:
On 26.03.2014 11:55, Guido Berhoerster wrote:
Sharing a user name between a system user and a normal user leads to surprising or even security relevant misbehavior as the daemon user may write to files in the real user's home or vice versa.
That one you have to explain to me. How is that possible if the UID is different?
hans@rhett:~> id
uid=13045(hans) gid=100(users) groups=100(users)
hans@rhett:~> ls -lad /home/hans
drwxr-xr-x 2 hans users 4096 Mar 26 13:25 /home/hans
hans@rhett:~> ls -ladn /home/hans
drwxr-xr-x 2 13044 100 4096 Mar 26 13:25 /home/hans
hans@rhett:~> touch /home/hans/blah
touch: cannot touch ‘/home/hans/blah’: Permission denied
hans@rhett:~>

So you manually edited your /etc/passwd or forced useradd to create two users hans with different uids. That's not what happens when installing packages. Packages typically call useradd in %pre. If the user already exists the useradd is either not called or the error ignored. So the package would re-use the existing user. In the case of hans the one with uid 13044 that owns /home/hans. There wouldn't be a second hans with uid 13045.
cu Ludwig
Question: is it possible to share users between unprivileged daemons? It would avoid having tons of users.

In general not. They would have access to data of each other. And which daemon is unprivileged? :-)

--
Michal HRUSECKY
SUSE LINUX, s.r.o.
openSUSE Team
Lihovarska 1060/12
PGP 0xFED656F6
19000 Praha 9
mhrusecky[at]suse.cz
Czech Republic
http://michal.hrusecky.net
http://www.suse.cz
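An audit for the two situations discussed in this thread, as an added example that is not part of any message above: it lists login names that map to more than one UID, and classifies a name a package wants for its daemon as absent, an existing system account, or an existing regular user that a scriptlet would silently reuse. The function names, the `exampled` account, the sample passwd lines and the `UID_MIN=1000` boundary are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not code from the thread. Sample data is constructed.

# Print login names that map to more than one UID (the "two hans" case).
dup_names() {
    awk -F: '
        !(($1, $3) in seen) { seen[$1, $3] = 1; count[$1]++ }
        END { for (n in count) if (count[n] > 1) print n }
    ' "$1" | sort
}

# Classify NAME before a package scriptlet reuses it.
# Arguments: NAME PASSWD_FILE UID_MIN
#   absent  -> no such user, a system account can be created
#   system  -> only system accounts (UID < UID_MIN) hold the name
#   regular -> a normal login user holds the name; reuse would share it
classify_name() {
    awk -F: -v name="$1" -v min="$3" '
        $1 == name { found = 1; if ($3 + 0 >= min + 0) regular = 1 }
        END {
            if (!found) print "absent"
            else if (regular) print "regular"
            else print "system"
        }
    ' "$2"
}

# Constructed passwd-format sample; "exampled" is a hypothetical daemon user.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
exampled:x:490:490:Example daemon:/var/lib/exampled:/bin/false
hans:x:13044:100:Hans:/home/hans:/bin/bash
hans:x:13045:100:Hans:/home/hans:/bin/bash
EOF

UID_MIN=1000   # assumed boundary between system and regular UIDs
echo "names with several UIDs: $(dup_names "$sample")"
for n in hans exampled newd; do
    echo "$n: $(classify_name "$n" "$sample" "$UID_MIN")"
done
```

On a real system, point both functions at `/etc/passwd` and take the boundary from `UID_MIN` in `/etc/login.defs`.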