[comp.unix.questions] loginid vs. uid.

jessea@dynasys.UUCP (Jesse W. Asher) (07/12/90)

I have learned to make a distinction between a loginid and the userid.
The loginid is the actual name of your login.  For example:  jessea.
The userid is the actual number, your uid.  For example:  110.

I consider these two separate concepts - one is a name and the other a
number and they are not interchangeable.

My question is does anyone else view them this way, and if not what is
the relationship?  The reason I make this distinction is because your
uid can be changed while your loginid doesn't have to be changed - the
os looks at your uid (the number) to determine who you are in most
cases.  An example is su changing your uid to 0 (or to whatever your su
uid is) while leaving your login intact.  Of course you can have both
changed, but the above leaves me to believe that they are not
interchangeable concepts.  The uid is not the same as the loginid.
Does anyone have any comments on this?

milburn@me10.lbl.gov (John Milburn) (07/14/90)

In article <316@dynasys.UUCP> jessea@dynasys.UUCP (Jesse W. Asher) writes:
>I have learned to make a distinction between a loginid and the userid.
>The loginid is the actual name of your login.  For example:  jessea.
>The userid is the actual number, your uid.  For example:  110.
[...]
>My question is does anyone else view them this way, and if not what is
>the relationship? 

I have a number of different loginids on my system with the same
uid. There are times when I want to be in a completely different
environment from the one I normally use, so the easiest way to accomplish
this while retaining access to all of my files is to login with another
loginid, in a different home directory, but using the same uid.


-jem
-- 
JEMilburn@lbl.gov  ...!ucbvax!lbl.gov!JEMilburn

samlb@pioneer.arc.nasa.gov (Sam Bassett RCS) (07/14/90)

	UNIX uses the numerical UID to determine who owns a given file --
it is entered into one of the fields in the inode (gnode, vnode) which
identifies each file on the disk.
	When UNIX needs to know or output the userid (ASCII string which
identifies a user), it looks in the /etc/passwd file for the userid which
is associated with the UID number.

	RTFM 'man [45] passwd'

Sam'l Bassett, Sterling Software @ NASA Ames Research Center, 
Moffett Field CA 94035 Work: (415) 604-4792;  Home: (415) 969-2644
samlb@well.sf.ca.us                     samlb@ames.arc.nasa.gov 
<Disclaimer> := 'Sterling doesn't _have_ opinions -- much less NASA!'

g-patena@steer.calstate.edu (Mitch Patenaude) (07/14/90)

JEMilburn@lbl.gov (John Milburn) writes:

>jessea@dynasys.UUCP (Jesse W. Asher) writes:
>>I have learned to make a distinction between a loginid and the userid.
>[...]
>>My question is does anyone else view them this way, and if not what is
>>the relationship? 
>
>I have a number of different loginids on my system with the same
>uid. There are times when I want to be in a completely different
>environment from the one I normally use, so the easiest way to accomplish
>this while retaining access to all of my files is to login with another
>loginid, in a different home directory, but using the same uid.

  There is a danger here.   Aside from the fact that a loginid must have
an associated uid, it helps if this uid is unique to this loginid.
Many programs take the numeric uid returned by getuid() or geteuid() and
then look up the loginid (or login name.. as I call it) in the password
file. (I believe the routine is called getpwent(), but don't quote me on it,
I haven't used it in a while), if there is more than one entry with the
same uid, it retrieves the first in the password file.  While this method
returns a consistent value for uid, it will not match the entry in /etc/utmp
which could confuse certain programs.
   Often on a unix system there are various administrative logins, all with
the same uid, (often 0) with varying levels of access, so administrative tasks
(backups, diagnostics, etc) can be performed by operators without the need
to give them root access, but these are not standard users, and often
have menu driven shells that specifically avoid the pitfalls associated with
sharing a uid.

    -- Mitch Patenaude  KB6HNH
       Humboldt State University, 3B2/400 System Administrator (and student)
       g-patena@steer.calstate.edu   Gandalf@Calstate.BITNET

bill@twg.wimsey.bc.ca (Bill Irwin) (07/14/90)

In <316@dynasys.UUCP> jessea@dynasys.UUCP (Jesse W. Asher) writes:

[...]

>My question is does anyone else view them this way, and if not what is
>the relationship?  The reason I make this distinction is because your
>uid can be changed while your loginid doesn't have to be changed - the
>os looks at your uid (the number) to determine who you are in most
>cases.  An example is su changing your uid to 0 (or to whatever your su
>uid is) while leaving your login intact.  Of course you can have both
                                                     ^^^^^^^^^^^^^^^^^
>changed, but the above leaves me to believe that they are not
 ^^^^^^^
>interchangeable concepts.  The uid is not the same as the loginid.
>Does anyone have any comments on this?

How do you change your logname to "wimp" when you "su - wimp"?  I have an
email  application  that  uses the logname to determine  which  directory
structure  to deal with in mail sessions, which makes it impossible to su
to another user and read their mail.
-- 
Bill Irwin    -   TWG The Westrheim Group     -    Vancouver, BC, Canada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uunet!van-bc!twg!bill     (604) 431-9600 (voice) |     UNIX Systems
bill@twg.wimsey.bc.ca     (604) 431-4629 (fax)   |     Integration

gt0178a@prism.gatech.EDU (BURNS,JIM) (07/16/90)

in article <232@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) says:
> How do you change your logname to "wimp" when you "su - wimp"?  I have an
> email  application  that  uses the logname to determine  which  directory
> structure  to deal with in mail sessions, which makes it impossible to su
> to another user and read their mail.

Interestingly enough, /bin/who, invoked as 'who am i' usually reports the
account you su'd from, whereas /usr/bin/whoami (or /usr/ucb/whoami) usually
reports the account you su'd to. And of course, $LOGNAME will depend on
whether you used the '-' flag to su or not.
-- 
BURNS,JIM
Georgia Institute of Technology, Box 30178, Atlanta Georgia, 30332
uucp:	  ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt0178a
Internet: gt0178a@prism.gatech.edu

bill@twg.wimsey.bc.ca (Bill Irwin) (07/16/90)

In <11399@hydra.gatech.EDU> gt0178a@prism.gatech.EDU (BURNS,JIM) writes:

$in article <232@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) says:
$> How do you change your logname to "wimp" when you "su - wimp"?  I have an
$> email  application  that  uses the logname to determine  which  directory
$> structure  to deal with in mail sessions, which makes it impossible to su
$> to another user and read their mail.

[....]
$                                 And of course, $LOGNAME will depend on
$whether you used the '-' flag to su or not.

Not  on my system it doesn't.  I have SCO XENIX V/386 2.3.2 and I get  my
original  logname whether I use "-" in the su, or not.  From replies I've
been getting, I'm getting the impression that using the "-" should change
the output of "logname" to that of the user changed to.

Mine doesn't.  8^|
-- 
Bill Irwin    -   TWG The Westrheim Group     -    Vancouver, BC, Canada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uunet!van-bc!twg!bill     (604) 431-9600 (voice) |     UNIX Systems
bill@twg.wimsey.bc.ca     (604) 431-4629 (fax)   |     Integration

gt0178a@prism.gatech.EDU (BURNS,JIM) (07/17/90)

in article <234@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) says:
> Not  on my system it doesn't.  I have SCO XENIX V/386 2.3.2 and I get  my
> original  logname whether I use "-" in the su, or not.  From replies I've

However, you could always run your applications from a script where you
say LOGNAME=`whoami`. If you don't have whoami, I would imagine a simple
'c' program that does a getuid()  and a lookup on /etc/passwd would suffice.
-- 
BURNS,JIM
Georgia Institute of Technology, Box 30178, Atlanta Georgia, 30332
uucp:	  ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt0178a
Internet: gt0178a@prism.gatech.edu

karish@mindcrf.UUCP (07/17/90)

In article <234@twg.wimsey.bc.ca> bill@twg.wimsey.bc.ca (Bill Irwin) writes:
>In <11399@hydra.gatech.EDU> gt0178a@prism.gatech.EDU (BURNS,JIM) writes:
>
>$in article <232@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) says:
>$> How do you change your logname to "wimp" when you "su - wimp"?  I have an
>$> email  application  that  uses the logname to determine  which  directory
>$> structure  to deal with in mail sessions, which makes it impossible to su
>$> to another user and read their mail.

    Some mail readers have options designed to make this easy (`-u',
    under Berkeley mail).  Others show more respect for their users'
    privacy.  As super-user you should be able to scan the spool
    directly no matter what your logname is.

>[....]
>$                                 And of course, $LOGNAME will depend on
>$whether you used the '-' flag to su or not.
>
>Not  on my system it doesn't.  I have SCO XENIX V/386 2.3.2 and I get  my
>original  logname whether I use "-" in the su, or not.  From replies I've
>been getting, I'm getting the impression that using the "-" should change
>the output of "logname" to that of the user changed to.

    The SVID says "The command logname returns the user's login name".

    POSIX.1 says that $LOGNAME, if it exists, should contain "The name
    of the user's login account...".  There's no mention of when
    $LOGNAME should be changed or even of whether it should be
    changeable by the user.

    The SVID description of su says "If the first argument to su is a -,
    the environment will be changed to what would be expected if the user
    actually logged in as the specified user".  The `environment' is,
    presumably, the list of tag=value pairs stored in the `environ'
    array.  This does not necessarily reflect what's returned by the
    logname utility or the getlogin() function.

    The point of having separate logname() and getuid() functions is
    to maintain the login ID and the real UID as separate concepts.
-- 

	Chuck Karish		karish@mindcraft.com
	Mindcraft, Inc.		(415) 323-9000		

drd@siia.mv.com (David Dick) (07/17/90)

In <316@dynasys.UUCP> jessea@dynasys.UUCP (Jesse W. Asher) writes:

>I have learned to make a distinction between a loginid and the userid.
>The loginid is the actual name of your login.  For example:  jessea.
>The userid is the actual number, your uid.  For example:  110.

>I consider these two separate concepts - one is a name and the other a
>number and they are not interchangeable.

>My question is does anyone else view them this way, and if not what is
>the relationship?

I view loginid as just a name that login and some other programs use
as a symbol for uid.  At our company we often have more than one login
to get to the same uid, usually with something different, like shell
or home directory.

This leads to another point of security philosophy: login vs. mail ids.
I think it is quite silly to have the symbol that someone uses to login
be the same as the symbol that other people use to send mail to that
person.  I think the password file should be set up so that the ids used
by ps(1), ls(1), and other programs that print user ids in fact has
password entries that can't be used to login (e.g., "NoLogin").
Those programs find the first entries for the respective user ids in 
/etc/passwd.  Subsequent entries for the user ids can contain the
actual names used to login; these won't be seen by ps(1), etc.

The setup for keeping separate mail ids could be handled by 
a mail alias file, or something else, depending on the mailer.

David Dick
Software Innovations, Inc. [the Software Moving Company (sm)]

gt0178a@prism.gatech.EDU (BURNS,JIM) (07/17/90)

in article <9007162005.AA11293@mindcrf.mindcraft.com>, karish@mindcrf.UUCP says:
	[discussion of what SVID and POSIX do]
> 
>     The point of having separate logname() and getuid() functions is
>     to maintain the login ID and the real UID as separate concepts.

The following are man logname excerpts from 1) SunOs 4.0, and 2) AU/X 1.1
(SVR2):

1)
DESCRIPTION
     logname returns the contents  of  the  environment  variable
     LOGNAME, which is set when a user logs into the system.

Sun Release 4.0   Last change: 9 September 1987                 1

2) man 1 logname says the same thing, while man 3x logname says (in part):

     DESCRIPTION
	  logname returns a pointer to the null-terminated login name;
	  it extracts the $LOGNAME variable from the user's environment.

     BUGS
	  This method of determining a login name is subject to forgery.
	   
Interestingly enough, when I do a su - on AU/X, logname and $LOGNAME both
report the account I su'd to, whereas under SunOs, $LOGNAME reports the
account I su'd to, and logname returns the account I su'd from, in
contradiction to its man page. (My .profile and the system's
/local/etc/profile don't do anything strange to $LOGNAME.)

Sequent Dynix apparently doesn't support logname.
-- 
BURNS,JIM
Georgia Institute of Technology, Box 30178, Atlanta Georgia, 30332
uucp:	  ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt0178a
Internet: gt0178a@prism.gatech.edu

gwyn@smoke.BRL.MIL (Doug Gwyn) (07/17/90)

In article <316@dynasys.UUCP> jessea@dynasys.UUCP (Jesse W. Asher) writes:
>I consider these two separate concepts - one is a name and the other a
>number and they are not interchangeable.
>My question is does anyone else view them this way, and if not what is
>the relationship?

The situation is considerably more complex than you described --
The fundamental notion is that of UID; however, the set-UID notion
splits UIDness into "real UID" and "effective UID".  A process has
both, and they may be the same or different.  The initial shell
provided when you log in has its real UID set according to an entry
in /etc/passwd; the only use made of the "login name" is to locate
the /etc/passwd entry.  However, that name is recorded in /etc/utmp
along with the terminal port that was used to connect to the system.
Privileged (set-UID root) processes can alter the contents of
/etc/utmp, which is usually the source of the login name reported by
utilities such as "write".  There need not be a name in /etc/utmp
for every "terminal" in use, especially in a windowing environment.
Other utilities may decide to try to derive a user name by searching
for the current real UID in /etc/passwd; however, there may be
several passwd entries with the same UID, so the derived user name
may not match the one used to log in.

The bottom line is that the real UID of a process is well defined,
but the "user name" is ill-defined.  To fix this would require a
massive overhaul of the way that terminals are assigned in UNIX,
among other things.
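
Two pitfalls raised in the posts above are that a uid-to-name lookup reports the first /etc/passwd entry when several logins share a uid, and that $LOGNAME is forgeable. The C below is an added example, not code from any poster: it runs over a constructed passwd sample (the entries and the function names are assumptions) and shows the first-match result together with a check that a claimed login name is backed by the process's real uid.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample (not from the thread): jessea and jessea2 share uid 110. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:Super-User:/:/bin/sh\n"
    "jessea:x:110:100:Primary login:/home/jessea:/bin/sh\n"
    "jessea2:x:110:100:Alternate environment:/home/jessea2:/bin/csh\n"
    "wimp:x:111:100:Another user:/home/wimp:/bin/sh\n";

/* Split "name:passwd:uid:..." into name and uid; returns 1 on a well-formed line. */
static int parse_entry(const char *line, size_t len, char *name, size_t cap, long *uid)
{
    const char *c1 = memchr(line, ':', len);
    if (!c1 || c1 == line || (size_t)(c1 - line) >= cap) return 0;
    const char *c2 = memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - line));
    if (!c2 || c2[1] < '0' || c2[1] > '9') return 0;
    char *end;
    *uid = strtol(c2 + 1, &end, 10);
    if (*end != ':') return 0;
    memcpy(name, line, (size_t)(c1 - line));
    name[c1 - line] = '\0';
    return 1;
}

/* Count entries with this uid (and this name, if want != NULL).
   The first matching name, in file order, is copied to first. */
static int scan_passwd(const char *db, const char *want, long uid, char *first, size_t cap)
{
    int hits = 0;
    char name[64];
    for (const char *p = db; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        long u;
        if (parse_entry(p, len, name, sizeof name, &u) && u == uid &&
            (!want || strcmp(want, name) == 0) && hits++ == 0 && first)
            snprintf(first, cap, "%s", name);
        p += len + (nl ? 1 : 0);
    }
    if (hits == 0 && first && cap) first[0] = '\0';
    return hits;
}

/* A claimed name (such as $LOGNAME) is accepted only if some entry with that
   name carries the process's real uid; aliases pass, other users' names fail. */
static int claim_matches_uid(const char *db, const char *claimed, long real_uid)
{
    return claimed && scan_passwd(db, claimed, real_uid, NULL, 0) > 0;
}

int main(void)
{
    char first[64];
    int n = scan_passwd(SAMPLE_PASSWD, NULL, 110, first, sizeof first);
    printf("uid 110: %d entries, lookup by uid reports \"%s\"\n", n, first);
    const char *claims[] = { "jessea", "jessea2", "wimp", "root" };
    for (size_t i = 0; i < sizeof claims / sizeof claims[0]; i++)
        printf("LOGNAME=%-8s with real uid 110: %s\n", claims[i],
               claim_matches_uid(SAMPLE_PASSWD, claims[i], 110) ? "consistent" : "rejected");
    return 0;
}
```

On a live system, comparing getpwnam(claimed)->pw_uid with getuid() performs the same check against the real password database.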

bob@wyse.wyse.com (Bob McGowen x4312 dept208) (07/18/90)

In article <234@twg.wimsey.bc.ca> bill@twg.wimsey.bc.ca (Bill Irwin) writes:
>In <11399@hydra.gatech.EDU> gt0178a@prism.gatech.EDU (BURNS,JIM) writes:
>
>$in article <232@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) says:
----
>
>[....]
>$                                 And of course, $LOGNAME will depend on
>$whether you used the '-' flag to su or not.
>
>Not  on my system it doesn't.  I have SCO XENIX V/386 2.3.2 and I get  my
>original  logname whether I use "-" in the su, or not.  From replies I've
----

Consider the name of the variable.  It should point to your login name
regardless of whom you su to or how you su, I would think.  Just like a
'who am i' looks in /etc/utmp (I believe) and gets your login name even
if you are su'ed to another user.  This seems like proper behavior to me.

Bob McGowan  (standard disclaimer, these are my own ...)
Product Support, Wyse Technology, San Jose, CA
..!uunet!wyse!bob
bob@wyse.com

volpe@underdog.crd.ge.com (Christopher R Volpe) (07/18/90)

What exactly does su have to do (when given the "-" option) to *completely*
change your identity so that applications like mail think you are the
person you su'd to rather than the person you su'd from? I once experimented 
with a program (setuid to root) that set real and effective group and
user ids to root, and then execed a c shell. "who" reported the name
I logged in under (which makes sense because of the utmp file), but
applications like mail still thought I was the person I logged in under.
Does mail use the utmp file as well? I tried changing environment
variables such as HOME and LOGNAME, but they had no effect. 

Chris Volpe
GE Corporate R&D
volpecr@crd.ge.com

jessea@dynasys.UUCP (Jesse W. Asher) (07/18/90)

In article <7342@amelia.nas.nasa.gov>, samlb@pioneer.arc.nasa.gov.UUCP (Sam Bassett RCS) wrote the following:
*>
*>	UNIX uses the numerical UID to determine who owns a given file --
*>it is entered into one of the fields in the inode (gnode, vnode) which
*>identifies each file on the disk.
*>	When UNIX needs to know or output the userid (ASCII string which
*>identifies a user), it looks in the /etc/passwd file for the userid which
*>is associated with the UID number.
*>
*>	RTFM 'man [45] passwd'

I know what the uid is and don't need somebody to read the RTFM.  You didn't
answer the question.  Ok.  Read this slowly so you can understand it.

	What is the difference, if any, between the loginid and uid?

Now, go back to reading that manual you are so fond of and stop being rude
by telling others to read it.


Jesse W. Asher			Dynasys			Evening: (901)382-1609 
6196-1 Macon Rd., Suite 200, Memphis, TN 38134
UUCP: {fedeva,chromc}!dynasys!jessea

jessea@dynasys.UUCP (Jesse W. Asher) (07/18/90)

In article <232@twg.wimsey.bc.ca>, bill@twg.wimsey.bc.ca (Bill Irwin) wrote the following:
>>uid is) while leaving your login intact.  Of course you can have both
>                                                     ^^^^^^^^^^^^^^^^^
>>changed, but the above leaves me to believe that they are not
> ^^^^^^^
>>interchangeable concepts.  The uid is not the same as the loginid.
>>Does anyone have any comments on this?
>
>How do you change your logname to "wimp" when you "su - wimp"?  I have an
>email  application  that  uses the logname to determine  which  directory
>structure  to deal with in mail sessions, which makes it impossible to su
>to another user and read their mail.

When I do "su - wimp", my LOGNAME becomes wimp.  This allows me to read
wimp's mail by just typing in "mailx".  Now, if I just do "su wimp", my
LOGNAME is not changed, but my uid is.  So I can access any of wimp's files
as if the true owner, but it will not let me read wimp's mail.  I have to
do "mailx -uwimp" in order to read it.  It sounds like your su may act
differently than mine.

Jesse W. Asher			Dynasys			Evening: (901)382-1609 
6196-1 Macon Rd., Suite 200, Memphis, TN 38134
UUCP: {fedeva,chromc}!dynasys!jessea

jon@savant.UUCP (Jon Gefaell) (07/19/90)

In article <316@dynasys.UUCP> jessea@dynasys.UUCP (Jesse W. Asher) writes:
>I have learned to make a distinction between a loginid and the userid.
>The loginid is the actual name of your login.  For example:  jessea.
>The userid is the actual number, your uid.  For example:  110.
>
>I consider these two separate concepts - one is a name and the other a
>number and they are not interchangeable.
>
>My question is does anyone else view them this way, and if not what is
>the relationship?  The reason I make this distinction is because your
>uid can be changed while your loginid doesn't have to be changed - the
>os looks at your uid (the number) to determine who you are in most
>cases.  An example is su changing your uid to 0 (or to whatever your su
>uid is) while leaving your login intact.  Of course you can have both
>changed, but the above leaves me to believe that they are not
>interchangeable concepts.  The uid is not the same as the loginid.
>Does anyone have any comments on this?

 I learned this the hard way when I set up savant and started adding users.
I wanted to change the order some people appeared in the /etc/password
file, and their uid's too.. 

Well, this resulted in some _very_ interesting manifestations. Notably, it seems file
permissions are 'remembered' or whatever in uid form (that is, underneath the
ls output, the file ownership and group ownership must be in uid and gid's...

So, news, who was 101 (right after me, who was 100) I wanted as 100 (so it 
wouldn't interrupt a contiguous listing of _real_ people) This meant that
/usr/lib/news and its files were now owned by 'jon' instead of 'news'
and of course, inews didn't have proper permissions on the history files
(for one thing, but after this became evident I spotted it before any
thing else went wrong (that I noticed)

For those interested, another interesting aspect of this is that there were
no other manifestations of this error within the news system (or any other
that I'm aware of) and that this problem (not being able to post because of
access permission problems on LIBDIR/history.d files) didn't occur until
I ran 'expire' for the first ever 10 days later (waited for a 70M news
fs to start to fill up).

Interesting, at least to me, and illustrates well the difference between
uid gid and their corresponding text tokens. (I believe the latter are only 
looked up for their abstract value in user presentation)


As usual, please comment :) I wanna learn....
-- 
+----------- Domain? DOMAIN? We Don't Need No Steeeenkin' Domain! -----------+
| __/\                                                                       |
| \/~~                                                                       |
+-savant!jon@virginia.edu {...}!uunet!virginia!savant!jon jeg7e@virginia.edu-+

white@leadsv.UUCP (Ben White) (07/19/90)

In article <9900@crdgw1.crd.ge.com>, volpe@underdog.crd.ge.com (Christopher R Volpe) writes:
> What exactly does su have to do (when given the "-" option) to *completely*
> change your identity so that applications like mail think you are the
> person you su'd to rather than the person you su'd from? ...
>
> ... mail still thought I was the person I logged in under.
> Does mail use the utmp file as well? I tried changing environment
> variables such as HOME and LOGNAME, but they had no effect. 

What version of UNIX are you running, and on what machine?
I have run a similar setruid/seteuid program on SunOS (4.0.3),
and mail seems to operate properly with the "new" userid.  Likewise for
just about everything else I've tried, except of course, "who", which
uses the utmp file, as you pointed out.

Ben White

tony@oha.UUCP (Tony Olekshy) (07/21/90)

In message <2793@wyse.wyse.com>, bob@wyse.wyse.com (Bob McGowen x4312 dept208)
writes (about $LOGNAME):
>
> Consider the name of the variable.  It should point to your login name
> regardless of whom you su to or how you su, I would think.  Just like a
> 'who am i' looks in /etc/utmp (I believe) and gets your login name even
> if you are su'ed to another user.  This seems like proper behavior to me.

Beg to differ, but the Xenix manual page explicitly says:

     SU(C)		      XENIX System V			 SU(C)

	                                      If the first argument to
	  su is	a -, the environment is	changed	to what	would be
	  expected if the user actually	logged in as the specified
	  user.

So, if we set up two terminals, and you `su - foo` and I "login: foo",
then what am I to *expect* $LOGNAME to be in each case?

--
Yours etc., Tony Olekshy.               Internet: tony%oha@CS.UAlberta.CA
					  BITNET: tony%oha.uucp@UALTAMTS.BITNET
					    uucp: alberta!oha!tony