On Sat, Aug 09, 2008 at 10:28:25PM -0400, Glenn Brunette wrote:
>
>
> Jyri Virkki wrote:
>>
>> On Aug 9, 2008, at 3:16 PM, Glenn Brunette wrote:
>>>
>>> other OpenSolaris instances. This was the concern that two OpenSolaris
>>> systems with software deployed in different orders could end up with 2
>>> accounts having the same UID. This is bad and has caused a great deal
>>> of problems in the past.
>>
>> Two [different] accounts with the same numeric uid on a system would
>> certainly be a problem, but that wasn't the topic at hand.
>
> I mean a case like 2 "web" accounts with different UIDs - each on a
> different system. A lot of administrative activities may involve
> tar'ing up files from one system and extracting them on another. While
> there are a number of recommended practices for dealing with this,
> invariably this happens as 'root' and the extracted files retain the UID
> of the initial system so files that were owned by "web" for example are
> now no longer so.
This would also happen in the very simple case of a restore from a
different machine.
> Perhaps this just points to the need for greater education (since there
> are a number of workarounds for this), but it has happened in nearly
> every customer I have reviewed (security assessment) over the last
> decade. As such, it is a use case that we should not ignore.
It could be a matter of education, or the project could choose to make
the problem go away and have an advantage over the competition. I'm not
sure why we wouldn't choose the latter. I'm hoping that the Linux
familiarity project doesn't extend to bug compatibility for its own
sake.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL:
<http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20080810/dc4a17d7/attachment.bin>
