Bug 92033 - passwd doesn't handle multiple usernames w/ same uid
Summary: passwd doesn't handle multiple usernames w/ same uid
Alias: None
Product: Fedora
Classification: Fedora
Component: passwd   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Mike McLean
Depends On:
TreeView+ depends on / blocked
Reported: 2003-06-01 06:39 UTC by Kent Crispin
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-08 11:46:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Kent Crispin 2003-06-01 06:39:57 UTC
Description of problem:
  two or more usernames w/ same uid (eg u1:1001 and u2:1001).  log in as u2;
run passwd; passwd will say "Changing password for user u1", and will change
u1's password, if u1 is first in /etc/passwd.

Version-Release number of selected component (if applicable):
  applies to all versions since 5.2, I believe

How reproducible:

Steps to Reproduce:
1. (as root) useradd u1; useradd u2
2. edit /etc/passwd file to change uid for u2 to be same as uid for u1
3. chown -R u1 /home/u2
4. su - u2
5. passwd
Actual results:
  "Changing password for user u1"

Expected results:
  "Changing password for user u2"

Additional info:
  The behavior of passwd changed after 5.2, apparently in an attempt to avoid
the insecurity of the getlogin function.  However, the insecurity of getlogin
is not, I believe, really an issue, since the getuid check still applies.

Comment 1 Kent Crispin 2003-06-01 07:11:32 UTC
This is a difficult problem to fix securely, and it may be impossible to do a
job that that is both complete and secure.  I have a patch that I believe does
OK (it meets my needs, at least), and I have been using it for some time now.
It would be much better, of course, if the functionality was supported.

Comment 2 Jindrich Novy 2005-01-28 11:52:21 UTC
Kent, could you send the patch here?

Comment 3 Tomas Mraz 2005-03-25 13:26:06 UTC
Having two users with the same uid isn't supported well by many system utilities
so I don't think passwd is too different from the rest of the system.

Note You need to log in before you can comment on or make changes to this bug.