On Tue, 29 Jun 2010, Dan Nelson wrote:
> In the last episode (Jun 29), Rick C. Petty said:
> > On Tue, Jun 29, 2010 at 10:20:57AM -0500, Adam Vande More wrote:
> > > On Tue, Jun 29, 2010 at 9:58 AM, Rick Macklem <rmack...@uoguelph.ca>
> > > wrote:
> > >
> > > > I suppose if the FreeBSD world feels that "root" and "toor" must both
> > > > exist in the password database, then "nfsuserd" could be hacked to
> > > > handle the case of translating uid 0 to "root" without calling
> > > > getpwuid(). It seems ugly, but if deleting "toor" from the password
> > > > database upsets people, I can do that.
> > >
> > > I agree with Ian on this. I don't use toor either, but have seen people
> > > use it, and sometimes it will get recommended here for various reasons
> > > e.g. running a root account with a different default shell. It
> > > wouldn't bother me having to do this provided it was documented, but
> > > having to do so would be a POLA violation to many users I think.
> >
> > To be fair, I'm not sure this is even a problem. Rick M. only suggested
> > it as a possibility. I would think that getpwuid() would return the first
> > match which has always been root. At least that's what it does when
> > scanning the passwd file; I'm not sure about NIS. If someone can prove
> > that this will cause a problem with NFSv4, we could consider hackingit.
> > Otherwise I don't think we should change this behavior yet.
>
> If there are multiple users that map to the same userid, nscd on Linux will
> select one name at random and return it for getpwuid() calls. I haven't
> seen this behaviour on FreeBSD or Solaris, though. They always seem to
> return the first entry in the passwd file.
I wondered whether this might be a Linux thing. On my 7.2 system,
% find /usr/src -name "*.[ch]" -exec grep -Hw getpwuid {} \; > file
returns 195 lines, many in the form getpwuid(getuid()), in many base and
contrib components - including id(1), bind, sendmail etc - that could be
nondeterministic if getpwuid(0) ever returned other than root.
Just one mention of 'toor' in /usr/src/usr.sbin/makefs/compat/pwcache.c
Not claiming to know how the lookups in /usr/src/lib/libc/gen/getpwent.c
work under the hood, but this does seem likely a non-issue on FreeBSD.
cheers, Ian
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
