Path: utzoo!attcan!uunet!clyde.concordia.ca!news-server.csri.toronto.edu!rutgers!gatech!bloom-beacon!eru!hagbard!sunic!dkuug!compel!her
From: her@compel.UUCP (Helge Egelund Rasmussen)
Newsgroups: comp.unix.questions
Subject: UID -2 and /etc/passwd
Summary: Problems with UID -2 in /etc/passwd!!
Keywords: uid passwd nfd
Message-ID: <1243@compel.UUCP>
Date: 24 Oct 90 09:31:50 GMT
Organization: Compel, Copenhagen, DK
Lines: 36

I've written a program to read and modify the password file on interactive
unix V.3.2. It is using the getpwent/putpwent routines, and updates the
shadow passwordfile too.

However when porting this to a Data General (DGUX), we had some problems 
with a user called 'nobody' which had UID -2.
When getpwent returns this user, the UID is returned as a number above 60000
(which is understandable if the UID is an unsigned short).

As far as I could see in the docs the UID should be non negative, so I told
the manager of the DG system, that the -2 entry in passwd was invalid and 
should be removed.

He then told me that the -2 UID was needed by NFS, and showed me a page 
from an IBM AIX/RT manual which contained the following:

	To prevent unauthorized access to NFS servers, NFS does not allow a user on
	a client to exercise superuser privileges on files in a mounted file system.
	The root user ID on the client (0) is mapped to the kernel variable NOBODY
	(-2, or unsigned 65534) when performing file operations in a mounted file
	system.

My question is this:
	Should UID -2 be in the password file, or is the statement about just 
	a description of what is happening in the kernel?

If UID -2 should be in the password file, then something is very wrong
with the getpwent/putpwent routines!

I hope somebody can help.

  Helge
---
Helge E. Rasmussen  .  PHONE + 45 31 37 11 00  .  E-mail:  her@compel.dk
Compel A/S          .  FAX   + 45 31 37 06 44  .  
Copenhagen, Denmark