Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 (Tek) 9/28/84 based on 9/17/84; site tekcrl.UUCP
Path: utzoo!linus!decvax!tektronix!tekcrl!news
From: news@tekcrl.UUCP (Network News daemon)
Newsgroups: net.unix-wizards
Subject: Re: Symbolic user names and RFS
Message-ID: <532@tekcrl.UUCP>
Date: Mon, 17-Feb-86 16:42:30 EST
Article-I.D.: tekcrl.532
Posted: Mon Feb 17 16:42:30 1986
Date-Received: Wed, 19-Feb-86 20:13:37 EST
References: <674@oliveb.UUCP> <1246@ubc-ean.UUCP> <759@im4u.UUCP>
Reply-To: tektronix!toddb (Todd Brunhoff)
Organization: Tektronix, Beaverton OR
Lines: 26
Keywords: RFS chown

In article <759@im4u.UUCP> smoot@im4u.UUCP (Mitchell) writes:
>It seems that it is *imperative* for security reasons to have the same
>UID/GID ==> username mapping on any systems which share filesystems.
> ...
>I might add that we do have a number of departments sharing the same
>ethernet that do not participate in the uniform naming system we use.

Certainly, having a common uid base solves some problems like portability
of tar files, etc. But it is not a panacea. We at CRL, in fact do insist
on identical uid/username pairs on our two vaxes, but even if I tried to
insist on it for the 75 workstations we have here, I'd be silly to expect
100% compliance. And apparently Mr. Mitchell has the same sort of success
with the departments not under his control.

This problem (plus the fact that I abhor administrative tasks like changing
user id numbers at the rate of one-a-day) is why I wrote RFS to do the
mapping for you based on existing and easily available information: .rhosts
for each user.

Certainly, what I did in RFS was not completely satisfactory, otherwise
there would be no complaints. I think the best solution suggestion has come
from Jerry Aguirre @ Olivetti where he suggests that the server map the
user id for system calls like chown, chgrp, etc., because it has the
/etc/passwd files for both machines.
I would also add that a real good idea would be to do the same for stat,
lstat. The problem (with RFS) would then disappear.
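
The following is an added example, not part of the original post and not RFS code: a sketch of server-side uid translation for chown and stat, built from the /etc/passwd contents of both machines. Pairing accounts by username, rejecting a chown for an account the server lacks, and the `NOBODY` placeholder are assumptions of this sketch; both passwd files are constructed sample data.

```python
# Constructed sample passwd files: uid 104 is toddb on the client, smoot on the server.
CLIENT_PASSWD = """\
root:*:0:0:Root:/:/bin/sh
toddb:*:104:20:Todd:/usr/toddb:/bin/csh
smoot:*:215:20:Smoot:/usr/smoot:/bin/csh
guest:*:300:30:Guest:/usr/guest:/bin/sh
"""
SERVER_PASSWD = """\
root:*:0:0:Root:/:/bin/sh
smoot:*:104:20:Smoot:/usr/smoot:/bin/csh
toddb:*:1187:20:Todd:/usr/toddb:/bin/csh
"""
NOBODY = 65534  # assumption: placeholder uid shown for owners the client cannot name


def parse_passwd(text):
    """Return {username: uid} from passwd-format text, skipping malformed lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            table.setdefault(fields[0], int(fields[2]))  # first entry for a name wins
    return table


def build_maps(client_text, server_text):
    """Pair uids through the username the two passwd files have in common."""
    client, server = parse_passwd(client_text), parse_passwd(server_text)
    to_server, to_client = {}, {}
    for name, cuid in client.items():
        if name in server:
            to_server.setdefault(cuid, server[name])
            to_client.setdefault(server[name], cuid)
    return to_server, to_client


def chown_uid(client_uid, to_server):
    """Translate the uid argument of chown before the server applies it."""
    if client_uid not in to_server:
        raise PermissionError(f"client uid {client_uid} has no account on the server")
    return to_server[client_uid]


def stat_uid(server_uid, to_client):
    """Translate st_uid in a stat/lstat reply before it goes back to the client."""
    return to_client.get(server_uid, NOBODY)


TO_SERVER, TO_CLIENT = build_maps(CLIENT_PASSWD, SERVER_PASSWD)
```

Without the translation, a chown to uid 104 issued by toddb on the client would hand the file to smoot on the server, and a stat of toddb's server files (uid 1187) would show an owner the client has no name for.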