Image of the glider from the Game of Life by John Conway
Skip to content

Duplicate UIDs On Linux

This may be old hat for some, but I just discovered today that it is possible to have duplicate user IDs on the same Linux machine. The 'useradd' and 'adduser' commands will not allow it:

root@kratos:~# useradd -u 0 test_root
useradd: UID 0 is not unique

However, not to fear. Hand-editing the /etc/passwd file is possible, and further, giving the ability for a successful login. For example, here are the first 10 lines of my /etc/passwd:

root@kratos:~# head /etc/passwd
root@kratos:~# pwconv

I ran the 'pwconv' command to update the /etc/shadow file for the password aging information on the 'test_user'. Now, to test with a login shell:

root@kratos:~# passwd test_root
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
root@kratos:~# ssh test_root@localhost
test_root@localhost's password: 
test_root@kratos:~# whoami

As you probably know, Linux doesn't care much about the username itself, as much as it does the UID of the username. Further, when testing the account against the /etc/passwd file for existence, upon first successful pass is the winning account. That is why 'whoami' shows the 'test_root' account rather than the 'root' account.

Why would you do this? Doesn't this just seem silly? To be honest, the only solution I can see with multiple UIDs, would be for the root account as demonstrated above. This way, if you lock out the root account, say with PAM or otherwise, you have a "back door" root account that you can use. Unfortunately, this leads to bad overhead, and sloppy administration. Further, I've heard applications check for the username "root" rather than the UID "0" like they should, thus generating broken apps when using the backdoor account. Definitely, a better solution to this scenario would be proper delegation of the 'sudo' command via the /etc/sudoers file.

I would be interested on further insight for those who have encountered this scenario before. Please comment.

{ 20 } Comments