[comp.unix.wizards] Programs knowing "root"

mouse@mcgill-vision.UUCP (der Mouse) (11/13/86)

In article <811@oswego.UUCP>, taylor@oswego.UUCP (Paul R. Taylor) writes:
> In article <619@ssc-bee.UUCP> bossert@ssc-bee.UUCP (John Bossert) writes:
>> Can someone supply me with a list of programs depending on the user
>> with uid==0 having the name "root"?
> we here running 4.[23] BSD and ULTRIX 1.2 have set up multiple users
> with uid's == 0, the first one that is encountered in the passwd file
> is what all of the programs that were owned by root are woned by.

No.  They are owned by uid 0.  A file is owned by a specific uid, not a
user per se.  It looks as though a file is owned by a user because ls
(under the -l option) tries to find a user matching the owning uid.  We
hacked on ls so that if the uid which owns the file equals the uid of
the user running ls, then ls prints $USER instead of
getpwuid(uid)->pw_name.

> [O]ther than this strangeness, we have found no problems with having
> more than one account with a uid == 0.

You clearly don't have a LAN such as Ethernet.  There is a nasty bug in
rlogin, rcp, and rsh (at least).  When used naively, the username used
on the remote machine is that on the local machine.  But how does rsh
(for example) find this username?  It looks in the passwd file for a
user with a uid matching the current uid.  Bad.  But if you want
anything approaching security, how *should* this be done?  Can't just
allow people to pretend to be anyone.  What we wound up doing is for
rsh and friends to use $USER, provided that user has a uid matching the
real uid.  Otherwise it uses the old algorithm.  Exception:  real uid 0
may claim to be anyone (and will be believed).

					der Mouse

USA: {ihnp4,decvax,akgua,utzoo,etc}!utcsri!mcgill-vision!mouse
     think!mosart!mcgill-vision!mouse
Europe: mcvax!decvax!utcsri!mcgill-vision!mouse
ARPAnet: think!mosart!mcgill-vision!mouse@harvard.harvard.edu

[USA NSA food: terrorist, cryptography, DES, drugs, CIA, secret, decode]