Symbolic user names and RFS

Lindsay F. Marshall ncx at cheviot.uucp
Tue Feb 18 20:10:07 AEST 1986


In article <759 at im4u.UUCP> smoot at im4u.UUCP writes:
>It seems that it is *imperative* for security reasons to have the same
>UID/GID ==> username mapping on any systems which share filesystems.

Rubbish!!!!! Why on earth should I have to support the same mapping as you?
I may wish to map my uid to the username "lindsay" on my machine, but you
might want to map it to "Lindsay_Marshall". You may want to map several users
from my machine onto a single id on your machine (e.g. "Newcastle"). There is
no earthly reason why having a single mapping is any more secure than multiple
mappings because in the long run you always have to trust what you are sent
by the client and a uniform mapping doesn't stop someone lying. Now, I am not
against a single mapping in particular situations (say in a single department);
in fact it is probably the most efficient way to do things, but on a large
scale it is a disaster. The one most difficult case here is that of the "root"
id - it's always 0 and you must *ALWAYS* use some form of authorisation when
it is presented to you, if only so you can reject it. It's sometimes better
to consider mapping another uid into "root" if someone needs remote superuser
access (which you do if you have a single system manager for a set of machines)
rather than simply allowing 0 through.

>To do otherwise seems to invite all kinds of chaos.

There was a discussion on the net a couple of years ago about the
advisability (and possibility) of having a uniform uid allocation
scheme throughout an organisation. The general consensus was that it
was just impractical given the way that UN*X implements uids. The
commonest suggestion was to use employee numbers for the uid value,
but these were almost always too large to be usable in most UN*X
systems. In fact if you wish to avoid chaos it would seem that keeping
users as localised as possible would be the best way - the "Small is
Beautiful" approach rather than the "Big Brother". We have tried both
on our (small) set of UN*X systems and it really doesn't make much
difference for the limited number of users we have, but on a large scale
the bureaucracy involved in a global scheme would kill us for sure.

------------------------------------------------------------------------------
Lindsay F. Marshall, Computing Lab., U of Newcastle upon Tyne, Tyne & Wear, UK
  ARPA  : lindsay%cheviot.newcastle.ac.uk at ucl-cs.arpa
  JANET : lindsay at uk.ac.newcastle.cheviot
  UUCP  : <UK>!ukc!cheviot!lindsay
-------------------------------------------------------------------------------
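The mapping policy the post argues for (per-client-host tables, several remote users folded onto one local id, and remote uid 0 never accepted as-is) can be written down as a small piece of server-side logic. What follows is an added example, not RFS code and not anything from the thread; every host name, uid number and function name in it is constructed for illustration.

```python
# Added example: per-host uid mapping for a file server that accepts requests
# from other machines. Not RFS code; hosts, uids and names are constructed.
from dataclasses import dataclass, field
from typing import Dict, Optional

ROOT_UID = 0


@dataclass
class HostPolicy:
    """How one client host's uids are translated into local uids."""
    # remote uid -> local uid, e.g. cheviot's "lindsay" -> our "Lindsay_Marshall"
    explicit: Dict[int, int] = field(default_factory=dict)
    # local uid for every unmapped remote user (the "Newcastle" catch-all);
    # None means unmapped users are rejected outright
    default: Optional[int] = None
    # non-zero local uid granted to a remote root that has *separately*
    # proved its authority; None means remote root is always rejected
    root_maps_to: Optional[int] = None

    def __post_init__(self) -> None:
        # Whatever the table says, no remote client may become local uid 0.
        grants = set(self.explicit.values()) | {self.default, self.root_maps_to}
        if ROOT_UID in grants:
            raise ValueError("policy would hand local root to a remote client")


def map_uid(policies: Dict[str, HostPolicy], host: str, remote_uid: int,
            root_authorised: bool = False) -> Optional[int]:
    """Return the local uid a request should run as, or None to reject it.

    root_authorised is the result of whatever extra authorisation step the
    server performs when uid 0 is presented; the mapping table alone is
    never enough to admit root.
    """
    policy = policies.get(host)
    if policy is None:               # unknown client: nothing to trust
        return None
    if remote_uid == ROOT_UID:       # uid 0 is always special-cased
        if not root_authorised:
            return None
        return policy.root_maps_to   # a non-zero admin id, or rejection
    if remote_uid in policy.explicit:
        return policy.explicit[remote_uid]
    return policy.default


# Constructed sample table: the same remote number (1005) maps to different
# local users depending on which host presents it.
LINDSAY_ON_CHEVIOT, LINDSAY_LOCAL = 1005, 2001
NEWCASTLE_GUEST, REMOTE_ADMIN = 2100, 3001
POLICIES = {
    "cheviot": HostPolicy(explicit={LINDSAY_ON_CHEVIOT: LINDSAY_LOCAL},
                          default=NEWCASTLE_GUEST,
                          root_maps_to=REMOTE_ADMIN),
    "im4u": HostPolicy(explicit={1005: 2002}, default=None, root_maps_to=None),
}

if __name__ == "__main__":
    for host, uid, auth in [("cheviot", 1005, False), ("im4u", 1005, False),
                            ("cheviot", 4242, False), ("im4u", 4242, False),
                            ("cheviot", 0, False), ("cheviot", 0, True),
                            ("im4u", 0, True), ("elsewhere", 1005, False)]:
        print(f"{host:>9} uid {uid:>4} root_authorised={auth!s:5} -> "
              f"{map_uid(POLICIES, host, uid, auth)}")
```

The two hosts show the post's point: a single department can run a tight explicit table (im4u rejects anyone it does not know), while a looser peer gets a catch-all guest id, and in neither case does presenting uid 0 do anything without the separate authorisation step.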
