Thanks for all replies, I could solve the problem.

About the last comment, you are right. In my config, usernames and UIDs have a 1-to-1 correspondence in /etc/passwd. But I use a custom pam, nss module which have several users with the same UID, equal to a user in passwd. These users are not allowed to create files or things making trouble. A custom shell is assigned to them, which doesn't allow most of these things.

Thanks everybody.
Mohsen

On Wed, Sep 23, 2009 at 12:14 AM, Derek Martin <code@xxxxxxxxxxxxxx> wrote:
> On Sat, Sep 19, 2009 at 12:35:44PM +0430, Mohsen Alimomeni wrote:
>> This is the exact scenario:
>> When I use the command "ssh admin@host", the user is authenticated by
>> a custom Pam module, and it's given the UID, GID and shell from a
>> custom nss module. The shell is also a custom CLI, which needs the
>> username - not the UID - to operate well.
>
> This is a fine example of why usernames and UIDs should always have a
> 1-to-1 correspondence. As far as the OS is concerned, the UID is what
> identifies a user uniquely, not its username. Also, you've reduced
> the accountability of your system: for example, if user "foo" and
> user "bar" both have UID 1234, then when bar creates a file, it will
> appear to have been created by foo (assuming foo appears first in
> /etc/passwd, or is returned first in whatever mechanism your system
> uses to look up UIDs and usernames). Likewise, when user bar does
> something that normally gets logged, it will be logged under user foo
> (given the same conditions).
>
> This is, in general, bad. You likely may encounter other things which
> break subtly, or not so subtly. I don't know what problem you're
> trying to solve by doing this, but there's probably a better way.
>
> --
> Derek D. Martin
> http://www.pizzashack.org/
> GPG Key ID: 0x81CFE75D
>
>

--
__ \ /_\\_-//_
Mohsen Alimomeni
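
An added example, not part of the original thread: a small audit that finds usernames sharing a UID in passwd(5)-format text (for instance the output of `getent passwd`) and reports which name a UID-to-name lookup would show, assuming, as described in the quoted reply, that the first entry returned wins. The sample entries and function names are constructed for illustration.

```python
# Constructed sample in passwd(5) format, standing in for `getent passwd` output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
foo:x:1234:1234:Foo:/home/foo:/bin/bash
bar:x:1234:1234:Bar:/home/bar:/usr/local/bin/cli
admin:x:1234:1234::/home/foo:/usr/local/bin/cli
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
broken-line-without-fields
"""


def parse_passwd(text):
    """Yield (name, uid) for each well-formed entry, preserving lookup order."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        # passwd(5) entries have exactly seven colon-separated fields.
        if len(fields) != 7:
            continue
        uid = fields[2]
        if not (uid.isascii() and uid.isdigit()):
            continue
        yield fields[0], int(uid)


def shared_uids(text):
    """Return {uid: [names...]} for every UID mapped to more than one name."""
    by_uid = {}
    for name, uid in parse_passwd(text):
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def attribution_report(text):
    """Return (uid, shown_name, hidden_names) tuples, sorted by UID.

    Assumption: the first name returned for a UID is the one that file
    ownership listings and logs display; the others cannot be told apart
    from it by UID alone.
    """
    return [(uid, names[0], names[1:])
            for uid, names in sorted(shared_uids(text).items())]


if __name__ == "__main__":
    for uid, shown, hidden in attribution_report(SAMPLE_PASSWD):
        print(f"UID {uid}: files and logs show '{shown}'; "
              f"not distinguishable by UID: {', '.join(hidden)}")
```
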