Rob van der Heij wrote:
On Mon, Jan 19, 2009 at 11:35 PM, Alan Altmark <[email protected]> wrote:

:-)  I agree that it is messy.  That's the "reducation" (I meant
"reduction") I was talking about.... things that map uids to usernames.
They get confused.  Anything that tests for a username of 'root' is broken
already!

That reverse mapping is happening everywhere in Linux. Should we take
"useradd" being unwilling to do so as an omen? Sure, it's just text so
hand-edit the passwd and shadow files (yes, we can).

So do we conclude that using multiple accounts with UID 0 is not a
good idea and certainly does not achieve what you wanted? On the
subject of UID: security gets a lot easier when you can have unique
name and UID across all your servers (that's where a central LDAP
helps a lot).

I created a user fred, with uid=0.

It allowed me to read system log files (it's all I tried). I saw fred
was recorded as having logged in.

Nothing I did was logged.

If I were maliciously inclined, I could have used logger to record a few
bogus messages about Mike, Rob, Adam and a few others logging in, then
logging out. When my more serious misdeeds were discovered later,
there'd be plenty of suspects, and maybe I would not be amongst their
number!

--

Cheers
John

-- spambait
[email protected]  [email protected]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
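The thread above turns on two things: a second UID 0 account ("fred") and the fact that most of Linux maps a uid back to a name by taking the first passwd entry that matches, so a check for the name "root" misses the extra accounts. The script below is an added example, not code from the list or from any of the posters. It audits a passwd-format file for every UID 0 entry and emulates the first-match reverse lookup; the sample passwd content is constructed, and `PASSWD_FILE` is an assumed variable name (set it to /etc/passwd to audit a real host).

```shell
# Added example (not from the LINUX-390 thread): find every uid 0 account
# in a passwd-format file and show which name a uid -> name lookup returns.
# PASSWD_FILE defaults to a temp file filled with constructed sample data.

PASSWD_FILE="${PASSWD_FILE:-$(mktemp)}"
if [ ! -s "$PASSWD_FILE" ]; then
  cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
fred:x:0:0:Fred (second uid 0 account):/home/fred:/bin/bash
john:x:1000:1000:John:/home/john:/bin/bash
EOF
fi

# Print every account name whose numeric uid is 0, comma-separated, in
# file order. An audit that only greps for "^root:" would miss "fred".
uid0_accounts() {
  awk -F: '$3 == 0 { names = (names == "" ? $1 : names "," $1) }
           END { print names }' "$1"
}

# Emulate the libc reverse lookup (getpwuid): the first passwd line with
# the given uid wins. Usage: name_for_uid FILE UID
# This is why fred's files and processes will normally show up as "root".
name_for_uid() {
  awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# Returns 0 only when exactly one uid 0 account exists; usable as a
# pass/fail check in a host audit.
single_uid0() {
  awk -F: '$3 == 0 { n++ } END { exit (n != 1) }' "$1"
}

echo "uid 0 accounts in $PASSWD_FILE: $(uid0_accounts "$PASSWD_FILE")"
echo "uid 0 resolves (first match) to: $(name_for_uid "$PASSWD_FILE" 0)"
if single_uid0 "$PASSWD_FILE"; then
  echo "OK: exactly one uid 0 account"
else
  echo "WARNING: zero or several uid 0 accounts; tests for the name 'root' are unreliable here"
fi
```

Note that the first-match behaviour is also what makes the login record in the thread look the way it does: the login program writes the name the user typed ("fred"), but anything that later derives a name from the uid (ls -l, ps, audit summaries) reports "root", so the same actor appears under two names depending on which record you read.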
