How does Linux identify users?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
8
down vote

favorite
4












I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?



This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.







share|improve this question

















  • 12




    The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:06






  • 6




    UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
    – DopeGhoti
    Jun 20 at 21:10







  • 5




    "Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:11







  • 1




    @IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
    – Arch Stanton
    Jun 20 at 21:17







  • 1




    I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
    – Time4Tea
    Jun 20 at 21:51














up vote
8
down vote

favorite
4












I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?



This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.







share|improve this question

















  • 12




    The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:06






  • 6




    UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
    – DopeGhoti
    Jun 20 at 21:10







  • 5




    "Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:11







  • 1




    @IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
    – Arch Stanton
    Jun 20 at 21:17







  • 1




    I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
    – Time4Tea
    Jun 20 at 21:51












up vote
8
down vote

favorite
4









up vote
8
down vote

favorite
4






4





I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?



This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.







share|improve this question













I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?



This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.









share|improve this question












share|improve this question




share|improve this question








edited Jun 21 at 8:37
























asked Jun 20 at 21:03









Arch Stanton

153213




153213







  • 12




    The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:06






  • 6




    UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
    – DopeGhoti
    Jun 20 at 21:10







  • 5




    "Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:11







  • 1




    @IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
    – Arch Stanton
    Jun 20 at 21:17







  • 1




    I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
    – Time4Tea
    Jun 20 at 21:51












  • 12




    The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:06






  • 6




    UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
    – DopeGhoti
    Jun 20 at 21:10







  • 5




    "Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
    – Ignacio Vazquez-Abrams
    Jun 20 at 21:11







  • 1




    @IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
    – Arch Stanton
    Jun 20 at 21:17







  • 1




    I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
    – Time4Tea
    Jun 20 at 21:51







12




12




The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06




The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06




6




6




UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
– DopeGhoti
Jun 20 at 21:10





UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of ls -n.
– DopeGhoti
Jun 20 at 21:10





5




5




"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11





"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11





1




1




@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
– Arch Stanton
Jun 20 at 21:17





@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.
– Arch Stanton
Jun 20 at 21:17





1




1




I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51




I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51










4 Answers
4






active

oldest

votes

















up vote
9
down vote



accepted










In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.



EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).



The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.






share|improve this answer






























    up vote
    21
    down vote













    If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:



    $ cat /etc/passwd
    ...
    a:x:1001:1002::/home/a:/bin/bash
    a:x:1002:1003::/home/b:/bin/bash

    # cat /etc/shadow
    a:...:17702:0:99999:7:::
    a:...:17702:0:99999:7:::


    If you try to log in as that user, you'll log in as the first match.



    $ ssh a@<host>
    Password:
    $ id
    uid=1001(a) gid=1002(a) groups=1002(a)
    $ pwd
    /home/a


    There will be no way to log in as the second user with the same name.



    Note that Linux tracks users by their uid, not by their username.



    It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:



    $ cat /etc/passwd
    ...
    a:x:1001:1002::/home/a:/bin/bash
    b:x:1001:1002::/home/b:/bin/bash


    Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):



    $ ssh a@host
    Password: <a's password>
    $ id
    uid=1001(a) gid=1002(a) groups=1002(a)

    $ ssh b@host
    Password: <b's password>
    $ id
    uid=1001(a) gid=1002(a) groups=1002(a)


    Both a and b are uid 1001 and will have access to the resources available to uid 1001.






    share|improve this answer























    • why doesn't it check for duplicated usernames when creating a new one?
      – phuclv
      Jun 21 at 2:18






    • 8




      Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
      – Shadur
      Jun 21 at 7:35










    • "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
      – jazzpi
      Jun 21 at 12:46






    • 1




      @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
      – Michael Kjörling
      Jun 21 at 13:41

















    up vote
    3
    down vote














    I was considering to rename my home /home/old-arch before reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.




    If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.



    The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.



    For similar reasons, anything using NFS will need to have a shared user database.



    But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.



    (Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.



    Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)






    share|improve this answer




























      up vote
      1
      down vote













      Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.



      A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).



      Limits are the system for the user, and the partition for the file.



      I say that just to clarify, to explain why things are what they are.



      I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?






      share|improve this answer

















      • 1




        So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
        – Doug O'Neal
        Jun 21 at 13:02










      • Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
        – ypouplard
        Jun 21 at 14:26






      • 1




        @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
        – cHao
        Jun 21 at 14:26







      • 3




        @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
        – Doug O'Neal
        Jun 21 at 16:32










      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );








       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f450973%2fhow-does-linux-identify-users%23new-answer', 'question_page');

      );

      Post as a guest






























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      9
      down vote



      accepted










      In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
      So even if it were possible to create 2 different users with the same name
      (adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.



      EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
      serverfault for more information on the technicalities).



      The system uses these uids to enforce file permissions.
      The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
      not more than 16-bit integers on a unix system, this shows that the uids
      are not meant to be globally unique, only unique in scope of the local system.






      share|improve this answer



























        up vote
        9
        down vote



        accepted










        In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
        So even if it were possible to create 2 different users with the same name
        (adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.



        EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
        serverfault for more information on the technicalities).



        The system uses these uids to enforce file permissions.
        The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
        not more than 16-bit integers on a unix system, this shows that the uids
        are not meant to be globally unique, only unique in scope of the local system.






        share|improve this answer

























          up vote
          9
          down vote



          accepted







          up vote
          9
          down vote



          accepted






          In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
          So even if it were possible to create 2 different users with the same name
          (adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.



          EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
          serverfault for more information on the technicalities).



          The system uses these uids to enforce file permissions.
          The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
          not more than 16-bit integers on a unix system, this shows that the uids
          are not meant to be globally unique, only unique in scope of the local system.






          share|improve this answer















          In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
          So even if it were possible to create 2 different users with the same name
          (adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.



          EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
          serverfault for more information on the technicalities).



          The system uses these uids to enforce file permissions.
          The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
          not more than 16-bit integers on a unix system, this shows that the uids
          are not meant to be globally unique, only unique in scope of the local system.







          share|improve this answer















          share|improve this answer



          share|improve this answer








          edited Jun 21 at 14:12


























          answered Jun 20 at 21:24









          Lollen Jumplan

          1709




          1709






















              up vote
              21
              down vote













              If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              a:x:1002:1003::/home/b:/bin/bash

              # cat /etc/shadow
              a:...:17702:0:99999:7:::
              a:...:17702:0:99999:7:::


              If you try to log in as that user, you'll log in as the first match.



              $ ssh a@<host>
              Password:
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)
              $ pwd
              /home/a


              There will be no way to log in as the second user with the same name.



              Note that Linux tracks users by their uid, not by their username.



              It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              b:x:1001:1002::/home/b:/bin/bash


              Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):



              $ ssh a@host
              Password: <a's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)

              $ ssh b@host
              Password: <b's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)


              Both a and b are uid 1001 and will have access to the resources available to uid 1001.






              share|improve this answer























              • why doesn't it check for duplicated usernames when creating a new one?
                – phuclv
                Jun 21 at 2:18






              • 8




                Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
                – Shadur
                Jun 21 at 7:35










              • "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
                – jazzpi
                Jun 21 at 12:46






              • 1




                @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
                – Michael Kjörling
                Jun 21 at 13:41














              up vote
              21
              down vote













              If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              a:x:1002:1003::/home/b:/bin/bash

              # cat /etc/shadow
              a:...:17702:0:99999:7:::
              a:...:17702:0:99999:7:::


              If you try to log in as that user, you'll log in as the first match.



              $ ssh a@<host>
              Password:
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)
              $ pwd
              /home/a


              There will be no way to log in as the second user with the same name.



              Note that Linux tracks users by their uid, not by their username.



              It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              b:x:1001:1002::/home/b:/bin/bash


              Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):



              $ ssh a@host
              Password: <a's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)

              $ ssh b@host
              Password: <b's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)


              Both a and b are uid 1001 and will have access to the resources available to uid 1001.






              share|improve this answer























              • why doesn't it check for duplicated usernames when creating a new one?
                – phuclv
                Jun 21 at 2:18






              • 8




                Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
                – Shadur
                Jun 21 at 7:35










              • "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
                – jazzpi
                Jun 21 at 12:46






              • 1




                @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
                – Michael Kjörling
                Jun 21 at 13:41












              up vote
              21
              down vote










              up vote
              21
              down vote









              If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              a:x:1002:1003::/home/b:/bin/bash

              # cat /etc/shadow
              a:...:17702:0:99999:7:::
              a:...:17702:0:99999:7:::


              If you try to log in as that user, you'll log in as the first match.



              $ ssh a@<host>
              Password:
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)
              $ pwd
              /home/a


              There will be no way to log in as the second user with the same name.



              Note that Linux tracks users by their uid, not by their username.



              It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              b:x:1001:1002::/home/b:/bin/bash


              Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):



              $ ssh a@host
              Password: <a's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)

              $ ssh b@host
              Password: <b's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)


              Both a and b are uid 1001 and will have access to the resources available to uid 1001.






              share|improve this answer















              If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              a:x:1002:1003::/home/b:/bin/bash

              # cat /etc/shadow
              a:...:17702:0:99999:7:::
              a:...:17702:0:99999:7:::


              If you try to log in as that user, you'll log in as the first match.



              $ ssh a@<host>
              Password:
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)
              $ pwd
              /home/a


              There will be no way to log in as the second user with the same name.



              Note that Linux tracks users by their uid, not by their username.



              It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:



              $ cat /etc/passwd
              ...
              a:x:1001:1002::/home/a:/bin/bash
              b:x:1001:1002::/home/b:/bin/bash


              Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):



              $ ssh a@host
              Password: <a's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)

              $ ssh b@host
              Password: <b's password>
              $ id
              uid=1001(a) gid=1002(a) groups=1002(a)


              Both a and b are uid 1001 and will have access to the resources available to uid 1001.







              share|improve this answer















              share|improve this answer



              share|improve this answer








              edited Jun 21 at 12:36









              mikemaccana

              881612




              881612











              answered Jun 20 at 21:22









              Andy Dalton

              4,7561520




              4,7561520











              • why doesn't it check for duplicated usernames when creating a new one?
                – phuclv
                Jun 21 at 2:18






              • 8




                Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
                – Shadur
                Jun 21 at 7:35










              • "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
                – jazzpi
                Jun 21 at 12:46






              • 1




                @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
                – Michael Kjörling
                Jun 21 at 13:41
















              • why doesn't it check for duplicated usernames when creating a new one?
                – phuclv
                Jun 21 at 2:18






              • 8




                Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
                – Shadur
                Jun 21 at 7:35










              • "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
                – jazzpi
                Jun 21 at 12:46






              • 1




                @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
                – Michael Kjörling
                Jun 21 at 13:41















              why doesn't it check for duplicated usernames when creating a new one?
              – phuclv
              Jun 21 at 2:18




              why doesn't it check for duplicated usernames when creating a new one?
              – phuclv
              Jun 21 at 2:18




              8




              8




              Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
              – Shadur
              Jun 21 at 7:35




              Note that I think even the most baseline useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.
              – Shadur
              Jun 21 at 7:35












              "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
              – jazzpi
              Jun 21 at 12:46




              "There will be no way to log in as the second user with the same name." Couldn't you still call setuid with the second UID? Or even sudo -u '#<uid>' bash?
              – jazzpi
              Jun 21 at 12:46




              1




              1




              @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
              – Michael Kjörling
              Jun 21 at 13:41




              @jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
              – Michael Kjörling
              Jun 21 at 13:41










              up vote
              3
              down vote














              I was considering to rename my home /home/old-arch before reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.




              If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.



              The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.



              For similar reasons, anything using NFS will need to have a shared user database.



              But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.



              (Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.



              Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)






              share|improve this answer

























                up vote
                3
                down vote














                I was considering to rename my home /home/old-arch before reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.




                If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.



                The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.



                For similar reasons, anything using NFS will need to have a shared user database.



                But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.



                (Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.



                Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)






                share|improve this answer























                  up vote
                  3
                  down vote










                  up vote
                  3
                  down vote










                  I was considering to rename my home /home/old-arch before reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.




                  If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.



                  The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.



                  For similar reasons, anything using NFS will need to have a shared user database.



                  But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.



                  (Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.



                  Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)






                  share|improve this answer














                  I was considering to rename my home /home/old-arch before reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.




                  If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.



                  The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.



                  For similar reasons, anything using NFS will need to have a shared user database.



                  But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.



                  (Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.



                  Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)







                  share|improve this answer













                  share|improve this answer



                  share|improve this answer











                  answered Jun 21 at 9:14









                  ilkkachu

                  47.4k668130




                  47.4k668130




















                      up vote
                      1
                      down vote













                      Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.



                      A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).



                      Limits are the system for the user, and the partition for the file.



                      I say that just to clarify, to explain why things are what they are.



                      I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?






                      share|improve this answer

















                      • 1




                        So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                        – Doug O'Neal
                        Jun 21 at 13:02










                      • Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                        – ypouplard
                        Jun 21 at 14:26






                      • 1




                        @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                        – cHao
                        Jun 21 at 14:26







                      • 3




                        @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                        – Doug O'Neal
                        Jun 21 at 16:32














                      up vote
                      1
                      down vote













                      Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.



                      A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).



                      Limits are the system for the user, and the partition for the file.



                      I say that just to clarify, to explain why things are what they are.



                      I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?






                      share|improve this answer

















                      • 1




                        So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                        – Doug O'Neal
                        Jun 21 at 13:02










                      • Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                        – ypouplard
                        Jun 21 at 14:26






                      • 1




                        @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                        – cHao
                        Jun 21 at 14:26







                      • 3




                        @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                        – Doug O'Neal
                        Jun 21 at 16:32












                      up vote
                      1
                      down vote










                      up vote
                      1
                      down vote









                      Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.



                      A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).



                      Limits are the system for the user, and the partition for the file.



                      I say that just to clarify, to explain why things are what they are.



                      I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?






                      share|improve this answer













                      Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.



                      A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).



                      Limits are the system for the user, and the partition for the file.



                      I say that just to clarify, to explain why things are what they are.



                      I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?







                      share|improve this answer













                      share|improve this answer



                      share|improve this answer











                      answered Jun 21 at 9:08









                      ypouplard

                      114




                      114







                      • 1




                        So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                        – Doug O'Neal
                        Jun 21 at 13:02










                      • Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                        – ypouplard
                        Jun 21 at 14:26






                      • 1




                        @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                        – cHao
                        Jun 21 at 14:26







                      • 3




                        @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                        – Doug O'Neal
                        Jun 21 at 16:32












                      • 1




                        So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                        – Doug O'Neal
                        Jun 21 at 13:02










                      • Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                        – ypouplard
                        Jun 21 at 14:26






                      • 1




                        @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                        – cHao
                        Jun 21 at 14:26







                      • 3




                        @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                        – Doug O'Neal
                        Jun 21 at 16:32







                      1




                      1




                      So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                      – Doug O'Neal
                      Jun 21 at 13:02




                      So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
                      – Doug O'Neal
                      Jun 21 at 13:02












                      Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                      – ypouplard
                      Jun 21 at 14:26




                      Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
                      – ypouplard
                      Jun 21 at 14:26




                      1




                      1




                      @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                      – cHao
                      Jun 21 at 14:26





                      @DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
                      – cHao
                      Jun 21 at 14:26





                      3




                      3




                      @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                      – Doug O'Neal
                      Jun 21 at 16:32




                      @ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
                      – Doug O'Neal
                      Jun 21 at 16:32












                       

                      draft saved


                      draft discarded


























                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f450973%2fhow-does-linux-identify-users%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?