HPE Community
Operating System - HP-UX
1837968 Members
2860 Online
110124 Solutions
New Discussion

User ID resue.

 
SOLVED
Go to solution
Nellian Solaiappan
Frequent Advisor

‎02-07-2005 05:10 AM

‎02-07-2005 05:10 AM

User ID resue.

Hi
Can any one explain how User ID is being reused in HP UX 11.0? I know that 1-100 is reserved for system accounts.

Regards
Nell
0 Kudos
10 REPLIES 10
Steven E. Protter
Exalted Contributor

‎02-07-2005 05:19 AM

‎02-07-2005 05:19 AM

Re: User ID resue.

All you have to do to violate that restriction is vi /etc/passwd and change the user id.

You don't want to do this. But someone at your shop may have done that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Nellian Solaiappan
Frequent Advisor

‎02-07-2005 05:22 AM

‎02-07-2005 05:22 AM

Re: User ID resue.

Actually,
I'm looking to understand how the OS reuses Userids. Lets say that I created uids 101 - 200 and then I deleted 150-160. How will the os reuse the ids 150-160? It looks like the ids are being reused and I just cant figure out the pattern.

Regards
Nell
0 Kudos
Pete Randall
Outstanding Contributor

‎02-07-2005 05:36 AM

‎02-07-2005 05:36 AM

Re: User ID resue.

Nell,

Apparently you're using SAM to set up your users. SAM does re-use id's by taking the lowest available number over 100.


Pete

Pete
0 Kudos
Rick Garland
Honored Contributor

‎02-07-2005 05:54 AM

‎02-07-2005 05:54 AM

Re: User ID resue.

In theory, should never reuse an ID.
In practice, this happens frequently.

Use the /usr/sbin/logins -d command to identify duplicate user IDs.

man logins to see many more options to the logins command
0 Kudos
Jan van den Ende
Honored Contributor

‎02-07-2005 07:45 AM

‎02-07-2005 07:45 AM

Re: User ID resue.


In theory, should never reuse an ID.
In practice, this happens frequently.

but, if you have a need for any security awareness, you should make sure of a way to prevent this!!!!

_ANYTHING_ owned by / done by the previous holder of that ID will now be _OWNED_ by the new holder / be accounted towards the new holder!!!

We keep the existing UIC's around for 5 years after account expiration, a.o. for these reasons.

hth

Proost.

Have one on me.

Jan

Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Bill Hassell
Honored Contributor

‎02-07-2005 01:58 PM

‎02-07-2005 01:58 PM

Solution

Re: User ID resue.

HP-UX doesn't know anything about users. User ID's are simply numbers used to associate files and directories with a particular entry in the passwd file. The OS never assigns user IDs...that is the job of the system administrator. If you use SAM, you *MUST* look at the number picked by SAM and choose a different one if it is too low. To see the highest userID in your passwd file, use this command:

cut -d : -f 3 /etc/passwd | sort -rn|head -1

The number shown is the last used. Add +1 and tell SAM to use it if it isn't automatic. SAM will not let you create a new user with the same UID qas another user.

As far as reusing userID's, if you completely remove all files owned by a deleted user, the the UID number can be reused. But on complicated systems where users share files and create interdependencies (not a good design practice), this may not be possible.


Bill Hassell, sysadmin
0 Kudos
Jan van den Ende
Honored Contributor

‎02-07-2005 07:19 PM

‎02-07-2005 07:19 PM

Re: User ID resue.

Bill,

. But on complicated systems where users share files and create interdependencies (not a good design practice), this may not be possible.


.. if you need to be accountable, your databases need to store the ID of who performed a change. Can you call that "not a good design practise"?
Hack, we have several databases for which _BY LAW_ even EVERY QUERY has to be logged and accountable, and available for review (but only under guarded conditions, and any review itself subject to those same reqiorements) till 5 years after.

Think about such environments, and you will realise why even the idea of re-using ID's is gruesome!

but ymmv, of course.

Proost.

Have one on me,
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
B. Hulst
Trusted Contributor

‎02-07-2005 08:01 PM

‎02-07-2005 08:01 PM

Re: User ID resue.

Hi,

Do you run out of userids?

There is about 64000 available... :-)

For security reasons it is not good to re-use them.

Regards,
Bob
0 Kudos
Gordon Morrison_1
Regular Advisor

‎02-07-2005 10:16 PM

‎02-07-2005 10:16 PM

Re: User ID resue.

Just a suggestion - When I create a new user account, I use their staff number as their User ID.

(This might cause a problem, depending on the size of your company: I think MAXUID is about 64000000 ;o)
What does this button do?
0 Kudos
Nellian Solaiappan
Frequent Advisor

‎02-14-2005 05:36 AM

‎02-14-2005 05:36 AM

Re: User ID resue.

Thanks all. I understand that I cant stop Unix from REUSING id's.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.