Bug 92033 - passwd doesn't handle multiple usernames w/ same uid
Summary: passwd doesn't handle multiple usernames w/ same uid
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: passwd
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-06-01 06:39 UTC by Kent Crispin
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-04-08 11:46:06 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Kent Crispin 2003-06-01 06:39:57 UTC
Description of problem:
  two or more usernames w/ same uid (eg u1:1001 and u2:1001).  log in as u2;
run passwd; passwd will say "Changing password for user u1", and will change
u1's password, if u1 is first in /etc/passwd.

Version-Release number of selected component (if applicable):
  applies to all versions since 5.2, I believe

How reproducible:
  100%

Steps to Reproduce:
1. (as root) useradd u1; useradd u2
2. edit /etc/passwd file to change uid for u2 to be same as uid for u1
3. chown -R u1 /home/u2
4. su - u2
5. passwd
    
Actual results:
  "Changing password for user u1"

Expected results:
  "Changing password for user u2"

Additional info:
  The behavior of passwd changed after 5.2, apparently in an attempt to avoid
the insecurity of the getlogin function.  However, the insecurity of getlogin
is not, I believe, really an issue, since the getuid check still applies.

Comment 1 Kent Crispin 2003-06-01 07:11:32 UTC
This is a difficult problem to fix securely, and it may be impossible to do a
job that that is both complete and secure.  I have a patch that I believe does
OK (it meets my needs, at least), and I have been using it for some time now.
It would be much better, of course, if the functionality was supported.



Comment 2 Jindrich Novy 2005-01-28 11:52:21 UTC
Kent, could you send the patch here?

Comment 3 Tomas Mraz 2005-03-25 13:26:06 UTC
Having two users with the same uid isn't supported well by many system utilities
so I don't think passwd is too different from the rest of the system.


Note You need to log in before you can comment on or make changes to this bug.