Bug 3643

Summary: ncsd changes semantics of multiple users with same uid
Product: [Retired] Red Hat Linux Reporter: Jay Berkenbilt <ejb>
Component: yp-toolsAssignee: Cristian Gafton <gafton>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: ejb
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-07-02 22:35:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jay Berkenbilt 1999-06-22 19:51:18 UTC 
(Note: nscd is not available as a component when entering a
bug, so, since component is mandatory, I've chosen yp-tools
even though this doesn't have anything to do with that.)

When multiple users with the same uid appear in the passwd
file, mapping from uid to username always matches the first
entry.  This allows one to create multiple logins for the
same uid -- a very useful feature, and one that has existed
in UNIX environments for as long as I can recall.

When using nscd, the semantics change -- the uid to username
mapping resolves to whichever user was last accessed.

For example, create a user called "dump" in the passwd file
with uid 0.  Make sure dump comes after root.  Do ps aux.
Most processes are owned by root.  Now do su dump -fc
whoami.  Now do ps aux again.  Most processes are owned by
dump.  whoami returns dump.  If you stop nscd, this problem
goes away.

This can be a serious problem.  A lot of programs don't work
right if uid 0 doesn't map to root, but some software or
configurations may require a particular username to be
configured for a particular service.  Other similar problems
can occur with, for example, multiple logins to the same
guest ftp account.

Even though I think this is a fairly serious problem, I've
suggested "normal" for both priority and severity since the
workaround of not running nscd is simple and effective...
Comment 1 Cristian Gafton 1999-07-02 22:35:59 UTC 
"Don't do that then". Having duplicate UIDs, you're on your own.
Especially for root.