Re: Wrong user logname

Kafsat Taiyus_1 · ‎08-22-2002

We are running HP UX 11i. We are having a strange problem with user name. Ocationally users say user A logs into the system. In that particular session if we give

command whoami
output A
command echo $LOGNAME
output A
command logname
output X (this is wrong it should have been A)

the wrong output seems to be always one of a set of three user names. We have deleted those users. So now X is not even a valid unix user.
We have checked utmp file there are no entries for X in it.

id command returns all vaid answers.

Any idea what might be causing the problem and how to fix it.

Have a lovely day.

Regards
Kafsat

Michael Tully · ‎08-22-2002

Just in case: Change the root password, and look for any other entries that have a '0' UID in the /etc/passwd file.

Run the 'pwck' command to check the rest of your password file.

Anyone for a Mutiny ?

Kafsat Taiyus_1 · ‎08-22-2002

We have more then one users with id 0. The application we run requires it, pwck do not return any error.

harry d brown jr · ‎08-22-2002

Kafsat,

No points here please.

But as a security freak can I ask what application absolutely requires multiple users to share userid 0 with different usernames???

It really sounds like an application design flaw to me, but that's my soapbox speaking, being a former reformed applciation programmer.

live free or die
harry

Live Free or Die

Michael Tully · ‎08-22-2002

Having mulitple users having access to UID '0' is just asking for trouble. It is conceivable that something strange has happened to your system without you knowing anything about it. Other than to remove the users and re-create them is not a lot you can do.

Auditors would have a field day with this system.

Anyone for a Mutiny ?

Kafsat Taiyus_1 · ‎08-22-2002

It is not an absolute requirement for the application. It is a choice of convenience and we decided to stick with it.

I don't think it is the source of problem, we are running this application for more then 7 years with same configuration.

Frank Slootweg · ‎08-23-2002

You probably did a "su - A" before.

The logname(1) *command* gets its info from /etc/utmp. See getlogin(2) which is mentioned in the logname(1) manual page.

The LOGNAME *variable* is set to the new user A).

You will see that "who am i" (*with* spaces between the words) will also show X. For details see the who(1) manual page for "who am i" and the whoami(1) manual page for "whoami".

Christian Gebhardt · ‎08-30-2002

Hello to all

I have the same problem on several machines running HPUX 11.00.

Details:

- Only root as uid 0
- 'whoami' --> root
- 'who am i' --> root
- 'id' --> uid=0(root) gid=...
- 'logname' --> webob
- 'su - oracle8' --> entry in syslog.log: "... su : + 0 webob-oracle8"
- 'mailx ...' --> mail is sent from user webob
- 'userdel ..webob ...' --> the same behaviour

Facts I have found out:

- It's not always the same username
- The wrong username must not exist on the machine, even the wrong user had never exist on the system
- The information about the username came from the Files /etc/utmp /etc/utmpx or /etc/wtmp

Possible reason:

It depends on how to login: no problems with telnet or rlogin.

We uses openssh 2.9.9p2 as ssh-server and only actions running from ssh-Windows have the wrong logname.

In next future we will install openssh 3.x and I hope the problem will be solved.

Christian Gebhardt · ‎08-30-2002

Kafsat,

excuse me, I have forgotten to write down a (quick and maybe dirty) fix of the problem:

Backup the files /etc/utmp /etc/utmpx /var/adm/wtmpx /var/adm/wtmp

cp /dev/null /etc/utmp
...

logout/login, 'logname' will now give the correct answer.

Remember: You will loose current logon-information (e.g. 'who' is working incorrectly)

Martin Johnson · ‎08-30-2002

HPUX (as well as AIX and Solaris...maybe others) do not support duplicate UIDs. Utilities such as finger, whoami, etc may not work correctly.

As for multiple users with UID=0, there are pros and cons. Our auditing department requires them for auditing purposes. They do come in handy when something happens to the root account (like being locked out with too many incorrect attempts).

HTH
Marty

Tim D Fulford · ‎08-31-2002

This thread is rapidly becomming a "should there be multiple UID=0" thread!

My 0.02???, NO, use sudo, suid (careful, another can of worms)

Personally I prefer to see suid rather than multiple uid=0 because
1 - Roots password can be secret, as there is only 1
2 - suid progs should be "well" maintained to do specific jobs than need to be done by root.
3 - The password file will be "supported" e.g. finger, resolving user names utmp/wtmp/btmp etc, & general tracability (last)

The above said the "King" is sudo. It may not be perfect (you can inadvertently leave security loopholes, like vi!). But it goes along way to allowing restriced, audited access to potentially "dangerous" commands (like "chmod", consider "chmod -R 444 /"!)

Regards

Tim

-

Categories

Company

Local Language

Forums

Discussions

Knowledge Base

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Wrong user logname

Wrong user logname