Comments on: Duplicate UIDs On Linux
Linux. GNU. Freedom. Sun, 13 May 2018 18:21:35 +0000

By: Josef Wed, 05 Dec 2012 15:03:27 +0000 I use this to have a second user with bash for sftp-clients.
I use zsh as my shell and have it start in screen at login (so actually screen is my login shell) as GUI sftp clients don't work that way. With a second [username]-sftp user with same UID and GID I can transfer files and they have the correct rights.

By: draeath Mon, 13 Jun 2011 14:56:44 +0000 I've run into a case where the clamd packages were expecting the user clamav, and yet other software was insisting (e.g. replacing the config change on update) on it being clam. The best solution I found to prevent maintenance headaches was to make sure the clamav and clam users/groups have the same ID numbers.

Since I did this, I have yet to have to go back and fix the thing after an update.

By: Marco Ceppi Mon, 28 Jun 2010 18:14:06 +0000 AlexP: I used a similar hack for Tomcat - someone needed to upload and modify Tomcat configuration files, and upload webapps, without using SSH (they used SFTP). So I created a user with the same UID/GID as tomcat; as files are modified and written by either the user or tomcat, the UID stays the same and permissions can be more restrictive.

However this was, as I consider, a hack. I haven't seen any negative impacts but with enough brainpower and time I'm sure a better compromise could have been hatched.

I don't recommend this for production environments.

By: Aaron Tue, 13 Apr 2010 14:56:01 +0000 Not sure I follow. You want to create a folder that gives the apache user write access to it automatically? Probably best to use file ACLs. Check out the 'setfacl -d' command.

By: AlexP Thu, 08 Apr 2010 08:20:59 +0000 I realize this post is almost 2 years old, but hopefully someone jumps back on it?

By: AlexP Thu, 08 Apr 2010 08:20:16 +0000 So I ran into this "occasion" where I am trying to figure out the proper way to do it, and my "scrappy" brain decided why not duplicate the UID and GID?...

I am learning/setting up CentOS Server admin. I installed vsftpd and apache, and the problem was, if I made any changes or created a folder with the ftpsecure user via my ftp client, then apache didn't have privileges to write to that folder unless I chmod 775 the folder as opposed to keeping it at 755.

So if my apache UID and GID were 46, I just created another user "example" and then placed the example above apache so it was found on the first pass.

Now I can create folders via ftp and have apache (php) able to write to them.

Although this works, I get the hunch it's not safe or stable?

By: rnd Fri, 01 Aug 2008 23:36:04 +0000 P.S. Sorry about posting from vista... I'm at work...

By: rnd Fri, 01 Aug 2008 23:34:15 +0000 Actually I was thinking about utilizing this to create a second user with the same id as www-data/httpd/apache2 user so I could create a user who could log into a vsftpd chrooted session but be in the doc root with the correct user ID to automatically make files readable to the web server. Of course the real user running the Apache daemon would remain disabled for login. Does anybody foresee a major issue with this idea? Your feedback would be appreciated!

By: Alex Sun, 27 Jul 2008 12:39:33 +0000 I once tried this with a regular user, in order to have two KDE stored sessions, depending on if I was online or not. It apparently worked, but then subtle errors which I no longer remember happened down the way. I guess that the ambiguous name given the UID did matter somewhere. It seemed a good idea at the time, though.

By: Fergus Doyle Wed, 23 Jul 2008 22:34:21 +0000 One reason to use it is if you are using a certain software package and you want to have, say, a "menu" login, a "shell" login and maybe a reports login. Now what happens is, depending on your username, you get access to different functionality according to your .profile. But we still need to be careful about permissions, because if we are accessing shared memory or stopping / starting processes we need to have the correct permissions. Sure, you can do most of this through group permissions rather than user permissions, but shared memory can be more _troublesome_ on some versions of Unix; not sure where Linux stands on this one though.

By: grsjst Mon, 21 Jul 2008 08:23:51 +0000 I suppose duplicate UIDs may be helpful for NFS when the same user has different UIDs on different machines.

By: Tormod Fri, 18 Jul 2008 13:09:09 +0000 "Further, when testing the account against the /etc/passwd file for existence, upon first successful pass is the winning account. That is why ‘whoami’ shows the ‘test_root’ account rather than the ‘root’ account."

So if you log in as root (as opposed to test_root in your example) "whoami" will return "test_root"? If whoami is meant to "print the user name associated with the current effective user ID" that's a reasonable behaviour.
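The first-match name lookup and the duplicate-UID accounts discussed in these comments can be audited with a short script. This is an added example, not code from the post or any commenter; the sample passwd content is constructed and the function names are hypothetical.

```python
# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
test_root:x:0:0:test superuser:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tomcat:x:91:91:Tomcat:/var/lib/tomcat:/sbin/nologin
tomcat-sftp:x:91:91:SFTP upload:/var/lib/tomcat:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/zsh
broken-line-without-fields
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed 7-field entry."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        yield fields[0], int(fields[2]), fields[6]


def duplicate_uids(text):
    """Map each shared UID to its account names, kept in file order."""
    by_uid = {}
    for name, uid, _shell in parse_passwd(text):
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def report(text):
    """One line per shared UID, naming the entry a UID-to-name lookup returns."""
    lines = []
    for uid, names in duplicate_uids(text).items():
        tag = " [UID 0: full root privileges]" if uid == 0 else ""
        # A files-based lookup scans top to bottom and stops at the first
        # match, so names[0] is what whoami, ls -l and ps display.
        lines.append(
            f"uid {uid}: {', '.join(names)} -> resolves to '{names[0]}'{tag}"
        )
    return lines


if __name__ == "__main__":
    # On a real host, pass open("/etc/passwd").read() instead of the sample.
    for line in report(SAMPLE_PASSWD):
        print(line)
```

Audit logs and process listings that record names rather than numeric UIDs will attribute every action to the first entry, so any extra account sharing UID 0 deserves review.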

By: Jeff Schroeder Fri, 18 Jul 2008 12:25:27 +0000 Editing /etc/passwd is pretty undesirable. If you mess it up, you pork your system. Don't do that unless you *really* know what you are doing.

Use vipw as it won't let you save an invalid passwd file, or something along the lines of:
usermod -o -u 0 hax0r

The "-o" allows you to use non-unique uids and doesn't have a chance of hosing your system. Never try to be too clever, it will bite you in the end.

To answer your question, what if you need to do something that you would normally do with group permissions, but using a group is not really an option? Even if it sounds ugly, it will pop up on the rare occasion.

The solution is generally to use a duplicate UID even if it is discouraged.

@anonymous: Take a look at this simple lockdown script I wrote for Ubuntu, it is intelligent enough to remove the login shells from many users who don't need it and works from Dapper+ :

By: anonymous Fri, 18 Jul 2008 11:02:55 +0000 A third post certainly feels stupid, even though the aim is not to troll.

A. A typo in the above; "without\with\ the UID/GID-combination".

B. Perhaps you could blog about the shells in default Ubuntu install. Why on earth is there a valid shell for, say, man-pages? This is one of those things that are not "sensible defaults" and gives a serious messy feeling about Ubuntu's interiors.

By: anonymous Fri, 18 Jul 2008 10:58:02 +0000 Oh, yes and one more thing:

"Further, I’ve heard applications check for the username “root” rather than the UID “0” like they should."

You can not obtain any privileges with the UID/GID-combination. The names are just for convenience; I remember that the getuid() -man page was (once) decent on Linux.

Perhaps you should reread about the standard UNIX/Linux DAC model. For multiple superusers, you need MAC or similar solution (think e.g. SELinux), as you probably are well aware of.

By: anonymous Fri, 18 Jul 2008 10:53:39 +0000 @Another John:

Yeah, the so-called "toor-user" is in NetBSD too.


This has nothing to do with a “back door” root account, but instead it is typically due to different shells:

root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again superuser:/root:/bin/sh

Of course in Linux it is Bash all the way down, so there is no real reason for this odd feature.

By: T Steffen Fri, 18 Jul 2008 10:43:26 +0000 I used to work in a place ages ago where everybody had the same user id. This was on HP, but I guess Linux is broadly similar.

For access restrictions, the UID is the only thing that matters. But you can still have separate home directories and profiles, because those are set based on the actual user name. Also the variable $USER can be used if necessary - as you have found out already.

By: Another John Fri, 18 Jul 2008 10:41:49 +0000 On FreeBSD you have a special account called 'toor' that works in the way John Gill describes. See

By: John Gill Fri, 18 Jul 2008 07:18:31 +0000 Only use I can think of is to have a way to log on with different default shells for the same user.

By: John Myers Fri, 18 Jul 2008 05:00:04 +0000 useradd does allow creating users with duplicate IDs with the -o option