Re: problems with manual page usermod.8 and useradd.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Feb 22, 2018 at 10:12:44PM +0100, MarkusHiereth wrote: > Hello, > > when updating the German translations of the shadow package, I > encountered strange things in the documentation. For example an option > --non-unique for the commands useradd and usermod. With the first, the > system administrator is able to force the system to create a new user > with an ID that already exists, which is related to another user. > > One effect I would expect after using useradd with this option is that > files and directories are owned by two persons - as the UID of a file > indicates the owner. No. The relevant bit of information are the "numbers" (UID, GID), and those files carry just one of each. The number itself has several "names", i.e. UID 1000 has two names, "sally" and "mike". (This is a pattern you'll find at many places in the Unixoid culture: one inode can be referred by several directory entries (aka one "file" can have several "names"), an IP address can have several DNS entries, yadda, yadda). David Wright already hinted at that, but I'm not sure whether this was clear enough for someone not familiar with the concept. > Has anybody an idea about the purpose of such an option? Hm. Dunno. Perhaps there are programs out there which insist in having a fixed user/group name for some function. Soft transitions. That kind of thing. Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlqPzpQACgkQBcgs9XrR2kYtbACcDpdAiamq8KcJdCs6HML98brD SWMAnijQ91rCKXXCb8Z0Q2D/KsQIX1Jp =AzNU -END PGP SIGNATURE-
Re: problems with manual page usermod.8 and useradd.8
On Thu, Feb 22, 2018 at 05:09:34PM -0500, Roberto C. Sánchez wrote: > I have seen this used on old UNIX or BSD systems to create a second root > account. For example, the standard default root account is set to use > some old sh or csh implementation. Somebody installs bash (probably in > /usr/local) and wants to be able to log in as root and have that be the > default shell. However it might be dangerous to change root's default > shell, so you create a second account called 'toor' with user ID 0 and > the same home directory as root and set its default shell to > /usr/local/bin/bash (or whatever). Then administrators are able to log > in as 'toor' to get bash as the default shell. I've seen variants of this as well, but usually you do it by running vipw to edit the passwd file (or its BSD equivalent) directly. Who's got time to waste learning a bunch of obscure useradd or usermod options? :) (Seriously, I believe the actual purpose of useradd/usermod is for package post-install commands, not human use. Humans can just edit the file manually. Plus you get to clean up the ordering of the UIDs and such while you're in there.)
Re: problems with manual page usermod.8 and useradd.8
On 22 February 2018 at 21:12, MarkusHiereth wrote: > Hello, > > when updating the German translations of the shadow package, I > encountered strange things in the documentation. For example an option > --non-unique for the commands useradd and usermod. With the first, the > system administrator is able to force the system to create a new user > with an ID that already exists, which is related to another user. > > One effect I would expect after using useradd with this option is that > files and directories are owned by two persons - as the UID of a file > indicates the owner. > > Has anybody an idea about the purpose of such an option? > Perhaps it was created for people suffering from multiple personality disorder. Who knows Cheers MF > > >From my point of view it is necessary that the respective manual pages > explain why one might use such an option and / or warn what a mess > might be created with it. > > On the debian IRC channel, one comment on this problem was, Linux is a > friendly operating system. It will not prevent users from shooting > themselves in the foot. > > Please cc your posts to my mail addresse as I am not a subscriber of > this list. > > Best regards > Markus > >
Re: problems with manual page usermod.8 and useradd.8
On Thu 22 Feb 2018 at 22:12:44 (+0100), MarkusHiereth wrote: > Hello, > > when updating the German translations of the shadow package, I > encountered strange things in the documentation. For example an option > --non-unique for the commands useradd and usermod. With the first, the > system administrator is able to force the system to create a new user > with an ID that already exists, which is related to another user. > > One effect I would expect after using useradd with this option is that > files and directories are owned by two persons - as the UID of a file > indicates the owner. Well, yes, the UID/GID is how the system keeps track of who owns what. > Has anybody an idea about the purpose of such an option? I'm afraid the purpose is defined by the imagination of the person who sets it up that way. Typical for computers, people find uses. Different login identities but sharing the same files could be one reason. Whatever. > >From my point of view it is necessary that the respective manual pages > explain why one might use such an option and / or warn what a mess > might be created with it. The way to avoid a mess is to use adduser. useradd is for those who know what they're doing. > On the debian IRC channel, one comment on this problem was, Linux is a > friendly operating system. It will not prevent users from shooting > themselves in the foot. That's true. But it also has the philosophy of not preventing things just for the sake of it. Cheers, David.
Re: problems with manual page usermod.8 and useradd.8
On Thu, Feb 22, 2018 at 10:12:44PM +0100, MarkusHiereth wrote: > > Has anybody an idea about the purpose of such an option? > Hi Markus, I have seen this used on old UNIX or BSD systems to create a second root account. For example, the standard default root account is set to use some old sh or csh implementation. Somebody installs bash (probably in /usr/local) and wants to be able to log in as root and have that be the default shell. However it might be dangerous to change root's default shell, so you create a second account called 'toor' with user ID 0 and the same home directory as root and set its default shell to /usr/local/bin/bash (or whatever). Then administrators are able to log in as 'toor' to get bash as the default shell. I have never implemented such a scheme myself, I just recall having seen it on some very old systems I used a long time ago. Regards, -Roberto -- Roberto C. Sánchez