Red Hat Bugzilla – Bug 3643
nscd changes semantics of multiple users with same uid
Last modified: 2008-05-01 11:37:50 EDT

(Note: nscd is not available as a component when entering a
bug, so, since component is mandatory, I've chosen yp-tools
even though this doesn't have anything to do with that.)

When multiple users with the same uid appear in the passwd
file, mapping from uid to username always matches the first
entry. This allows one to create multiple logins for the
same uid -- a very useful feature, and one that has existed
in UNIX environments for as long as I can recall.

When using nscd, the semantics change -- the uid to username
mapping resolves to whichever user was last accessed.

For example, create a user called "dump" in the passwd file
with uid 0. Make sure dump comes after root. Do ps aux.
Most processes are owned by root. Now do su dump -fc
whoami. Now do ps aux again. Most processes are owned by
dump. whoami returns dump. If you stop nscd, this problem

This can be a serious problem. A lot of programs don't work
right if uid 0 doesn't map to root, but some software or
configurations may require a particular username to be
configured for a particular service. Other similar problems
can occur with, for example, multiple logins to the same
guest ftp account.

Even though I think this is a fairly serious problem, I've
suggested "normal" for both priority and severity since the
workaround of not running nscd is simple and effective...

"Don't do that then". Having duplicate UIDs, you're on your own.
Especially for root.
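
The behaviour discussed in this report, as an added example that is not part of the bug report and not nscd's code: it audits passwd-format text for shared uids, then contrasts first-match resolution with a toy cache that behaves the way the report describes. The sample entries, the guest1 account and the LastAccessedCache class are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format, not taken from the report's system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dump:x:0:0:dump alias:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
guest1:x:14:50:guest login:/var/ftp:/sbin/nologin
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping comment/malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def duplicate_uids(entries):
    """Map each uid that has more than one name to its names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def first_match_name(entries, uid):
    """Flat-file semantics from the report: the first entry with this uid wins."""
    return next((n for n, u in entries if u == uid), None)

class LastAccessedCache:
    """Toy model of the reported behaviour (an assumption, not nscd internals):
    a lookup by name stores that name under its uid, replacing the earlier one."""
    def __init__(self, entries):
        self.entries = entries
        self.by_uid = {}
    def lookup_name(self, name):
        uid = next((u for n, u in self.entries if n == name), None)
        if uid is not None:
            self.by_uid[uid] = name
        return uid
    def lookup_uid(self, uid):
        return self.by_uid.setdefault(uid, first_match_name(self.entries, uid))

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    for uid, names in sorted(duplicate_uids(entries).items()):
        print(f"uid {uid} shared by {names}; first match is {names[0]}")
```

Running the audit part against a real passwd file before enabling a name-service cache shows which uids could be affected.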