On Jan 19, 2009, at 4:05 PM, Rob van der Heij wrote:

> I have heard that suggestion before, and it appears to come from those
> who never tried it. I recall that several things get messy when you
> don't maintain a 1-to-1 mapping of names and uid 0. IIRC the reverse
> mapping goes through the nscd cache and the result will change color
> depending on who is looking. The most scary one is seeing yourself as
> the owner of the file although you never created it. It also breaks
> stuff that tests for root, and &deity knows what.

Well, one obvious lesson here is: "Don't ever use nscd because it is
malicious and evil and sucks and lurks under your chair at the movies
and steals your popcorn and gets it all slimy."  Oooh, we hates it.
We hates it forever.  I remember hearing that in some LDAP
environments, nscd really *does* help, but it's caused me much more
harm than it's ever done good.  YMMV.

I have never tried giving out multiple uid 0 users, and the idea makes
me twitchy.  But on the other hand, on many occasions I've had a
second uid 0 user, named "toor", who had a SANE login shell.

I have seen horrifically written software that checks to see if it's
being run by "root" rather than by uid 0.  But then, I've seen things
you people wouldn't believe.  Attack ships on fire off the shoulder of
Orion.  C-beams glittering in the dark near the Tannhauser gate.

Um.

It's really, really not Friday yet, is it?

Adam

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
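
An added example, not part of the original message or thread: a Python sketch that audits passwd-format data for names sharing a uid and contrasts a name-based root test with a uid-based one. The sample data, the function names and the first-match reverse lookup (a plain sequential scan of the file, with no nscd or other cache modelled) are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alternate root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# local comment line
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order; skip blanks, comments, malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def shared_uids(entries):
    """Map each uid that has more than one login name to those names."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def reverse_lookup(entries, uid):
    """uid -> name with first match winning, so only one name per uid is ever reported."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None

def is_root_by_name(login):
    """The fragile test: compares the login name to the literal string 'root'."""
    return login == "root"

def is_root_by_uid(entries, login):
    """The robust test: resolves the login to its uid and compares with 0."""
    return dict(entries).get(login) == 0

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("shared uids:", shared_uids(entries))
    print("uid 0 resolves to:", reverse_lookup(entries, 0))
    for login in ("root", "toor", "alice"):
        print(login, is_root_by_name(login), is_root_by_uid(entries, login))
```

On the sample, files created by "toor" are reported as owned by "root", and the name-based test rejects "toor" even though it runs with uid 0.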
