Symbolic user names and RFS

Network News daemon news at tekcrl.UUCP
Tue Feb 18 07:42:30 AEST 1986


In article <759 at im4u.UUCP> smoot at im4u.UUCP (Mitchell) writes:
>It seems that it is *imperative* for security reasons to have the same
>UID/GID ==> username mapping on any systems which share filesystems.
> ...
>I might add that we do have a number of departments sharing the same
>ethernet that do not participate in the uniform naming system we use.

Certainly, having a common uid base solves some problems like
portability of tar files, etc.  But it is not a panacea.  We at CRL, in
fact, do insist on identical uid/username pairs on our two vaxes, but
even if I tried to insist on it for the 75 workstations we have here,
I'd be silly to expect 100% compliance.  And apparently Mr. Mitchell has the
same sort of success with the departments not under his control.

This problem (plus the fact that I abhor administrative tasks like
changing user id numbers at the rate of one-a-day) is why I wrote RFS
to do the mapping for you based on existing and easily available
information:  .rhosts for each user.

Certainly, what I did in RFS was not completely satisfactory, otherwise there
would be no complaints.  I think the best solution suggestion has come
from Jerry Aguirre @ Olivetti where he suggests that the server map the
user id for system calls like chown, chgrp, etc., because it has the
/etc/passwd files for both machines.  I would also add that
a real good idea would be to do the same for stat, lstat.  The problem
(with RFS) would then disappear.
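
The server-side mapping suggested above, sketched as an added example (not part of the original post and not RFS code): uids are translated through the username using both machines' passwd files, inbound for chown and outbound for stat. The passwd contents, the `NOBODY` fallback uid and the `squash_root` option are assumptions made for illustration.

```python
# Constructed sample passwd files: the same uids belong to different users.
CLIENT_PASSWD = """\
root:*:0:0:Root:/:/bin/sh
alice:*:104:20:Alice:/usr/alice:/bin/csh
bob:*:231:20:Bob:/usr/bob:/bin/csh
"""
SERVER_PASSWD = """\
root:*:0:0:Root:/:/bin/sh
bob:*:104:20:Bob:/usr/bob:/bin/csh
alice:*:517:20:Alice:/usr/alice:/bin/csh
carol:*:231:20:Carol:/usr/carol:/bin/csh
"""
NOBODY = 65534  # assumption: unprivileged uid used when no mapping exists


def parse_passwd(text):
    """Return (name -> uid, uid -> name) from passwd-format text."""
    by_name, by_uid = {}, {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid = fields[0], int(fields[2])
        by_name.setdefault(name, uid)   # first entry wins, as in getpwnam()
        by_uid.setdefault(uid, name)    # first entry wins, as in getpwuid()
    return by_name, by_uid


def make_mapper(src_passwd, dst_passwd, squash_root=False):
    """Build a uid translator: src uid -> username -> dst uid."""
    _, src_by_uid = parse_passwd(src_passwd)
    dst_by_name, _ = parse_passwd(dst_passwd)

    def map_uid(uid):
        if squash_root and uid == 0:
            return NOBODY  # do not trust the remote machine's root
        name = src_by_uid.get(uid)
        return dst_by_name.get(name, NOBODY)  # unknown user maps to NOBODY
    return map_uid


# Inbound (chown arguments sent by the client), outbound (stat results).
to_server = make_mapper(CLIENT_PASSWD, SERVER_PASSWD, squash_root=True)
to_client = make_mapper(SERVER_PASSWD, CLIENT_PASSWD)

if __name__ == "__main__":
    # Passed through unmapped, client uid 231 (bob) would become carol.
    print("chown by client uid 231 ->", to_server(231))
    print("stat of server uid 517  ->", to_client(517))
```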


