topic Re: User ID resue. in Operating System - HP-UX

User ID resue.

Nellian Solaiappan — Mon, 07 Feb 2005 13:10:18 GMT

Hi
Can any one explain how User ID is being reused in HP UX 11.0? I know that 1-100 is reserved for system accounts.

Regards
Nell

Re: User ID resue.

Steven E. Protter — Mon, 07 Feb 2005 13:19:49 GMT

All you have to do to violate that restriction is vi /etc/passwd and change the user id.

You don't want to do this. But someone at your shop may have done that.

SEP

Re: User ID resue.

Nellian Solaiappan — Mon, 07 Feb 2005 13:22:28 GMT

Actually,
I'm looking to understand how the OS reuses Userids. Lets say that I created uids 101 - 200 and then I deleted 150-160. How will the os reuse the ids 150-160? It looks like the ids are being reused and I just cant figure out the pattern.

Regards
Nell

Re: User ID resue.

Pete Randall — Mon, 07 Feb 2005 13:36:56 GMT

Nell,

Apparently you're using SAM to set up your users. SAM does re-use id's by taking the lowest available number over 100.

Pete

Re: User ID resue.

Rick Garland — Mon, 07 Feb 2005 13:54:29 GMT

In theory, should never reuse an ID.
In practice, this happens frequently.

Use the /usr/sbin/logins -d command to identify duplicate user IDs.

man logins to see many more options to the logins command

Re: User ID resue.

Jan van den Ende — Mon, 07 Feb 2005 15:45:40 GMT

In theory, should never reuse an ID.
In practice, this happens frequently.

but, if you have a need for any security awareness, you should make sure of a way to prevent this!!!!

_ANYTHING_ owned by / done by the previous holder of that ID will now be _OWNED_ by the new holder / be accounted towards the new holder!!!

We keep the existing UIC's around for 5 years after account expiration, a.o. for these reasons.

hth

Proost.

Have one on me.

Jan

Re: User ID resue.

Bill Hassell — Mon, 07 Feb 2005 21:58:54 GMT

HP-UX doesn't know anything about users. User ID's are simply numbers used to associate files and directories with a particular entry in the passwd file. The OS never assigns user IDs...that is the job of the system administrator. If you use SAM, you *MUST* look at the number picked by SAM and choose a different one if it is too low. To see the highest userID in your passwd file, use this command:

cut -d : -f 3 /etc/passwd | sort -rn|head -1

The number shown is the last used. Add +1 and tell SAM to use it if it isn't automatic. SAM will not let you create a new user with the same UID qas another user.

As far as reusing userID's, if you completely remove all files owned by a deleted user, the the UID number can be reused. But on complicated systems where users share files and create interdependencies (not a good design practice), this may not be possible.

Re: User ID resue.

Jan van den Ende — Tue, 08 Feb 2005 03:19:14 GMT

Bill,

. But on complicated systems where users share files and create interdependencies (not a good design practice), this may not be possible.

.. if you need to be accountable, your databases need to store the ID of who performed a change. Can you call that "not a good design practise"?
Hack, we have several databases for which _BY LAW_ even EVERY QUERY has to be logged and accountable, and available for review (but only under guarded conditions, and any review itself subject to those same reqiorements) till 5 years after.

Think about such environments, and you will realise why even the idea of re-using ID's is gruesome!

but ymmv, of course.

Proost.

Have one on me,

Re: User ID resue.

B. Hulst — Tue, 08 Feb 2005 04:01:31 GMT

Hi,

Do you run out of userids?

There is about 64000 available... :-)

For security reasons it is not good to re-use them.

Regards,
Bob

Re: User ID resue.

Gordon Morrison_1 — Tue, 08 Feb 2005 06:16:05 GMT

Just a suggestion - When I create a new user account, I use their staff number as their User ID.

(This might cause a problem, depending on the size of your company: I think MAXUID is about 64000000 ;o)

Re: User ID resue.

Nellian Solaiappan — Mon, 14 Feb 2005 13:36:30 GMT

Thanks all. I understand that I cant stop Unix from REUSING id's.