Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!mcvax!ukc!cheviot!ncx From: ncx@cheviot.uucp (Lindsay F. Marshall) Newsgroups: net.unix-wizards Subject: Re: Symbolic user names and RFS Message-ID: <591@cheviot.uucp> Date: Tue, 18-Feb-86 05:10:07 EST Article-I.D.: cheviot.591 Posted: Tue Feb 18 05:10:07 1986 Date-Received: Thu, 20-Feb-86 08:16:18 EST References: <674@oliveb.UUCP> <1246@ubc-ean.UUCP> <759@im4u.UUCP> Reply-To: ncx@cheviot.newcastle.ac.uk (Lindsay F. Marshall) Organization: U. of Newcastle upon Tyne, U.K. Lines: 41 Keywords: RFS chown In article <759@im4u.UUCP> smoot@im4u.UUCP writes: >It seems that it is *imperative* for security reasons to have the same >UID/GID ==> username mapping on any systems which share filesystems. Rubbish!!!!! Why on earth should I have to support the same mapping as you? I may wish to map my uid to the username "lindsay" on my machine, but you might want to map it to "Lindsay_Marshall". You may want to map several users from my machine onto a single id on your machine (e.g. "Newcastle"). There is no earthly reason why having a single mapping is any more secure than multiple mappings because in the long run you always have to trust what you are sent by the client and a uniform mapping doesnt stop someone lying. Now, I am not against a single mapping in particular situations (say in a single department) in fact it is probably the most efficient way to do things, but on a large scale it is a disaster. The one most difficult case here is that of the "root" id - it's always 0 and you must *ALWAYS* use some form of authorisation when it is presented to you, if only so you can reject it. Its sometimes better to consider mapping another uid into "root" if someone needs remote superuser access (which you do if you have a single system manager for a set of machines) rather than simply allowing 0 through. >Do do otherwise seems to invite all kinds of chaos. There was a discussion on the net a couple of years ago about the advisability (and possibility) of having a uniform uid allocation scheme throughout an organisation. The general consensus was that it was just impractical given the way that UN*X implements uids. The commonest suggestion was to use employee numbers for the uid value, but these were almost always too large to be usable in most UN*X systems. In fact if you wish to avoid chaos it would seem that keeping users as localised as possible would be the best way - The "Small is Beautiful" approach rather than the "Big Brother". We have tried both on our (small) set of UN*X systems and it really doesnt make much difference for the limited number of users we have, but on a large scale the bureaucracy involved in a global scheme would kill us for sure. ------------------------------------------------------------------------------ Lindsay F. Marshall, Computing Lab., U of Newcastle upon Tyne, Tyne & Wear, UK ARPA : lindsay%cheviot.newcastle.ac.uk@ucl-cs.arpa JANET : lindsay@uk.ac.newcastle.cheviot UUCP : !ukc!cheviot!lindsay -------------------------------------------------------------------------------