Bug 3840
Summary: | uids are reused without effective file cleanup | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | dharris |
Component: | shadow-utils | Assignee: | Cristian Gafton <gafton> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 1999-08-24 01:11:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
dharris
1999-06-30 21:25:14 UTC
userdel has no way of tracking user's files. As for the allocation algorithm, it is hard to design a scheme that will accomodate the kind of environment that you are setting up. If you allow interactive creation of accounts with shell access from the net then the fear of hackers should be the lower of your concerns... Oh no, I'm not asking for userdel clean up the files. I just want useradd to prevent UIDs from being re-used. The problem comes when you have UID reuse without the file cleanup. The solution is to simply avoid reusing the UIDs. Here's what happens with the current useradd: # useradd userone # id userone uid=504(userone) gid=504(userone) # userdel userone # useradd usertwo # id usertwo uid=504(usertwo) gid=504(usertwo) # dir -d /home/user{one,two} drwx------ 4 usertwo usertwo /home/userone drwx------ 4 usertwo usertwo /home/usertwo First this is nasty for the system administrator, because now they don't know the /home/userone files are owned by usertwo, instead of showing up as a numeric user id what would tip the system administrator off that they should be deleted. Second, this can be a security hole if "userone" had shell access while the account existed. They could have setup a setuid shell as "userone" which will now be owned by "usertwo". Here is how the patches Ive submitted behave: # useradd userone # id userone uid=1502(userone) gid=1502(userone) # userdel userone # useradd usertwo # id usertwo uid=1503(usertwo) gid=1503(usertwo) # dir -d /home/user{one,two} drwx------ 2 1502 1502 /home/userone drwx------ 2 usertwo usertwo /home/usertwo Clear indication that the /home/userone files are not owned by a valid user and no possible security hole where userone can setup files that end up being owned by usertwo. Anyway, this idea that UIDs should not be reused is not original to me.. I remember that Solaris worked that way and I think they commented on it in their useradd man page. Blaugh.. remove the words "they don't know" from the "First this is nasty for the system administrator..." sentence and it makes a lot more sense. Sorry for the stupid typo. No matter what the policy for uid allocation is, somebody will have issues with it. I feel that the current behavior is the best one given the choices... |