On Mon, Jan 14, 2002 at 02:16:21PM -0500, Greg A. Woods wrote:
| The usual problems with having multiple superuser accounts is that
| there's really only one from the kernel's perspective (user-names are
| not used in the kernel, only the magic number zero),
This is a problem not only with UID '0', but with any UID. If you
want to see this in action, make two entries in /etc/passwd with 2
unique names and 1 UID. Make the first name "name1" and the second
"name2".
Now use 'visudo' to give "name2" the right to run some command as
another user. Login as "name2", run "sudo <command>" and you will be
told that "name1" doesn't have permission.
What happened? Sudo can call a function and find out the uid of the
user who ran it. Then it reverses that to a name (and gets the first
one in /etc/passwd) and looks to see if that user is allowed to
execute the requested command.
I know this because I tried it once :-).
-D
--
No harm befalls the righteous,
but the wicked have their fill of trouble.
Proverbs 12:21
