This is a discussion on suse linux enterprise server 8 - nsswitch.conf - uid -> name mapping for files ??? within the Linux Security forums, part of the System Security and Security Related category.
Hi,
I notice an annoying difference between aix & linux (sles 8) concerning the mapping from uid -> names:

we are managing a load of remote aix and linux servers from a central site. local it staff also needs access to these machines with root privileges, but we don't want them to know our root password.

so we have 2 accounts in /etc/passwd with uid=0 and gid=0:
user root, which is the user used by the local staff
user 'central', which we use to connect.

this setup works fine for us, everyone can do their work without needing to know the other one's password.

now, on linux, this works too, but there's a strange difference:

on aix, when i am logged on as user 'central', the files belonging to uid 0 are displayed as 'root'. I guessed this was because the entry for root came first in /etc/passwd.

on linux however, when i am logged on as user 'central', SOMETIMES files with owner uid=0 are displayed as "central", and sometimes as "root". I have even seen that during the same session, the name changed from central to root ????

I understand that the mapping from uid -> name happens via the /etc/nsswitch.conf file ? these are the contents of this file:

    passwd: files ldap
    group: files ldap
    hosts: files dns
    networks: files dns
    services: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    netgroup: files
    publickey: files
    bootparams: files
    automount: files nis
    aliases: files

i also noticed that when i do a 'id', sometimes it says uid=0(central) and sometimes uid=0(root).

what is causing this behaviour ? apparently, the behaviour is not: search the /etc/passwd from top to bottom and use the first entry that corresponds with uid=0 ?

(BTW, I know i could use sudo, but because of some specific - non-technical - reasons, we would like to keep the same way of working that has worked out for us for years now).

thanks for your help,
Tom.
In comp.os.linux.security Tom Van Overbeke <tom.van.overbeke@pandora.be> suggested:
> Hi,
> I notice an annoying difference between aix & linux (sles 8) concerning the
> mapping from uid -> names:
> we are managing a load of remote aix and linux servers from a central site.
> local it staff also needs access to these machines with root privileges, but
> we don't want them to know our root password.
> so we have 2 accounts in /etc/passwd with uid=0 and gid=0:

A rather bad idea, using one UID more than once, simply use 'sudo' works on almost any *nix.

[..]

> (BTW, I know i could use sudo, but because of some specific -
> non-technical - reasons, we would like to keep the same way of working that
> has worked out for us for years now).

Doesn't matter, use sudo, your approach is completely broken.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
Thanks for the lecture.
Anyway, I found the problem, it's the nscd daemon. suse enables it by default (redhat does not). i stopped this daemon and behaviour is back as expected.

gr,
Tom.
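An added example, not part of any post in the thread: a shell check that lists every UID shared by more than one account in a passwd-format file, which is the condition under which the uid -> name lookup discussed above has more than one possible answer. The function names and the sample file are constructed for illustration; `getent` is the standard glibc lookup tool.

```shell
#!/bin/sh
# List UIDs that appear on more than one line of a passwd-format file.
# Names are printed in file order, so the first one is the entry a plain
# top-to-bottom scan of the file would hit first.
dup_uids() {
    # $1: path to a passwd-format file (defaults to /etc/passwd)
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[+-]/ || NF < 3  { next }   # skip compat (+/-) and malformed entries
        {
            uid = $3
            if (!(uid in names)) { order[++n] = uid; names[uid] = $1 }
            else                 { names[uid] = names[uid] "," $1 }
            count[uid]++
        }
        END {
            for (i = 1; i <= n; i++) {
                uid = order[i]
                if (count[uid] > 1) printf "uid=%s names=%s\n", uid, names[uid]
            }
        }
    ' "${1:-/etc/passwd}"
}

# Name the resolver returns for a UID right now. This goes through
# nsswitch.conf (and nscd when it is running), so it can be compared
# with the file-order result from dup_uids.
resolved_name() { getent passwd "$1" | cut -d: -f1; }

# Constructed sample mirroring the thread: root and central share uid 0.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
central:x:0:0:central admin:/root:/bin/bash
tom:x:1000:100:Tom:/home/tom:/bin/bash
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    dup_uids "$tmp"
    rm -f "$tmp"
}

demo
```

On a live host, run `dup_uids` with no argument and compare the first listed name with `resolved_name 0`.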