Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] Re: Root user
  • From: Dirk Schreiner <dirk.schreiner@xxxxxxx>
  • Date: Thu, 10 Jul 2003 10:26:32 +0200
  • Message-id: <3F0D2338.6000101@xxxxxxx>
Hi,

maybe the answers were short because it is boring,
having this thread every two months ;->>

(Btw. is there no searchable Website of this List?)

The fact is nobody should ever think about using two
accounts with same UID.

Linux and its apps are not designed to handle this.

Just think about NIS maps *.byuid ;-)
Although UID 0 should not show up there. :->=>
Also think about NSCD.
Or some Username-checking tools.....

Kernel 1.0 and its tools didn't bother, but
the more security will be involved in Linux
the less this will work.
So just forget the history, and _never_ use
two accounts with same UID.


Greetings

Dirk





François Pinard wrote:

[Steffen Dettmer]


* Francois Pinard wrote on Wed, Jul 09, 2003 at 10:03 -0400:

I once used to have a `root' and a `root2', both having uid 0 in
`/etc/passwd', and I used this for quite a while, and do not remember
any adverse effect.


What does this help?


Someone wrote that this was not to be recommended, yet without giving real
reasons against it. I just wanted to say that any recommendation should be
backed by some justification. In my case, I had good reasons to use `root'
and `root2', and saw nothing wrong with it for the time I needed it.

So far in this thread, I did not see a convincing justification yet, for
avoiding two accounts with the same UID.


It would be interesting to know, "what root" e.g. changed or created a
file, but as you stated, this is not possible this way.


If there is indeed a need to know, then of course, having two accounts for
the same UID is not acceptable. That need does not necessarily exist.


I think this may introduce some confusion (without any positive effect I
can see) - which I would not recommend.


Or maybe, it just does not introduce any confusion for those needing it.


Maybe this is a reason: KISS (keep it simple, stupid) is a little violated
by such a configuration (which I would call uncommon and misleading,
maybe).


Uncommon, I agree. But maybe not misleading at all. I do not think that if
someone knows what s/he is doing (and why!), there is a real problem.

This thread is a bit amusing, as some correspondents try to guess "why", but
do not necessarily guess correctly. They then reply to their own guesses...


