This may be old hat for some, but I just discovered today that it is possible to have duplicate user IDs on the same Linux machine. The ‘useradd’ and ‘adduser’ commands will not allow it:
root@kratos:~# useradd -u 0 test_root useradd: UID 0 is not unique
However, not to fear. Hand-editing the /etc/passwd file is possible, and further, giving the ability for a successful login. For example, here are the first 10 lines of my /etc/passwd:
root@kratos:~# head /etc/passwd test_root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh root@kratos:~# pwconv
I ran the ‘pwconv’ command to update the /etc/shadow file for the password aging information on the ‘test_user’. Now, to test with a login shell:
root@kratos:~# passwd test_root Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully root@kratos:~# ssh test_root@localhost test_root@localhost's password: test_root@kratos:~# whoami test_root
As you probably know, Linux doesn’t care much about the username itself, as much as it does the UID of the username. Further, when testing the account against the /etc/passwd file for existence, upon first successful pass is the winning account. That is why ‘whoami’ shows the ‘test_root’ account rather than the ‘root’ account.
Why would you do this? Doesn’t this just seem silly? To be honest, the only solution I can see with multiple UIDs, would be for the root account as demonstrated above. This way, if you lock out the root account, say with PAM or otherwise, you have a “back door” root account that you can use. Unfortunately, this leads to bad overhead, and sloppy administration. Further, I’ve heard applications check for the username “root” rather than the UID “0″ like they should, thus generating broken apps when using the backdoor account. Definitely, a better solution to this scenario would be proper delegation of the ‘sudo’ command via the /etc/sudoers file.
I would be interested on further insight for those who have encountered this scenario before. Please comment.