On Sat, Sep 19, 2009 at 12:35:44PM +0430, Mohsen Alimomeni wrote:
> This is the exact scenario:
> When I use the command "ssh admin@host", the user is authenticated by
> a custom Pam module, and it's given the UID, GID and shell from a
> custom nss module. The shell is also a custom CLI, which needs the
> username - not the UID - to operate well.

This is a fine example of why usernames and UIDs should always have a 1-to-1 correspondence. As far as the OS is concerned, the UID is what identifies a user uniquely, not its username.

Also, you've reduced the accountability of your system: for example, if user "foo" and user "bar" both have UID 1234, then when bar creates a file, it will appear to have been created by foo (assuming foo appears first in /etc/passwd, or is returned first in whatever mechanism your system uses to look up UIDs and usernames). Likewise, when user bar does something that normally gets logged, it will be logged under user foo (given the same conditions). This is, in general, bad.

You likely may encounter other things which break subtly, or not so subtly. I don't know what problem you're trying to solve by doing this, but there's probably a better way.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
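An added example, not part of the original message: a small audit for the shared-UID condition described in the reply above. It reads passwd-format text, finds UIDs carried by more than one login name, and reports which name a first-match UID-to-name lookup would show. The sample entries and function names are constructed for illustration, and first-match ordering is assumed as the reply describes for /etc/passwd.

```python
# Constructed passwd-format sample (not from the original post): "foo" and
# "bar" share UID 1234, and "foo" is listed first.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
foo:x:1234:100:Foo:/home/foo:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
bar:x:1234:100:Bar:/home/bar:/usr/local/bin/cli
"""


def names_by_uid(passwd_text):
    """Map each UID to the login names that carry it, in file order."""
    table = {}
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed or compat entry; skip rather than guess
        table.setdefault(int(fields[2]), []).append(fields[0])
    return table


def shared_uids(passwd_text):
    """Return {uid: (name a first-match lookup reports, [masked names])}."""
    return {
        uid: (names[0], names[1:])
        for uid, names in names_by_uid(passwd_text).items()
        if len(names) > 1
    }


def owner_shown_for(login, passwd_text):
    """Name shown as owner of files created by `login` (first match on UID)."""
    for names in names_by_uid(passwd_text).values():
        if login in names:
            return names[0]
    raise KeyError(login)


if __name__ == "__main__":
    for uid, (shown, masked) in sorted(shared_uids(SAMPLE_PASSWD).items()):
        print(f"UID {uid}: activity by {', '.join(masked)} is attributed to {shown}")
```

On a live system the same functions can be fed the output of `getent passwd`, which also covers entries supplied by NSS modules rather than only /etc/passwd.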