How does Linux identify users?
Clash Royale CLAN TAG#URR8PPP
up vote
8
down vote
favorite
I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?
This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
permissions users authentication multiuser
asked Jun 20 at 21:03
Arch Stanton
153213
 |Â
show 7 more comments
up vote
8
down vote
favorite
I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?
This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
permissions users authentication multiuser
asked Jun 20 at 21:03
Arch Stanton
153213
12
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
6
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output ofls -n.
– DopeGhoti
Jun 20 at 21:10
5
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
1
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home/home/old-archbefore reinstalling the system (I have/homeon its own partition and I don't format it), so that I could then have a new, pristine/home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a differentarch.
– Arch Stanton
Jun 20 at 21:17
1
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51
 |Â
show 7 more comments
up vote
8
down vote
favorite
up vote
8
down vote
favorite
I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?
This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
permissions users authentication multiuser
asked Jun 20 at 21:03
Arch Stanton
153213
I mean, if two users have the same name, how does the system know that they're actually different users when it enforces file permissions?
This doubt came to my mind while I was considering to rename my home /home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
permissions users authentication multiuser
asked Jun 20 at 21:03
Arch Stanton
153213
edited Jun 21 at 8:37
asked Jun 20 at 21:03
Arch Stanton
153213
asked Jun 20 at 21:03
Arch Stanton
153213
asked Jun 20 at 21:03
Arch Stanton
153213
153213
12
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
6
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output ofls -n.
– DopeGhoti
Jun 20 at 21:10
5
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
1
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home/home/old-archbefore reinstalling the system (I have/homeon its own partition and I don't format it), so that I could then have a new, pristine/home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a differentarch.
– Arch Stanton
Jun 20 at 21:17
1
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51
 |Â
show 7 more comments
12
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
6
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output ofls -n.
– DopeGhoti
Jun 20 at 21:10
5
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
1
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home/home/old-archbefore reinstalling the system (I have/homeon its own partition and I don't format it), so that I could then have a new, pristine/home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a differentarch.
– Arch Stanton
Jun 20 at 21:17
1
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51
12
12
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
6
6
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of
ls -n.– DopeGhoti
Jun 20 at 21:10
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of
ls -n.– DopeGhoti
Jun 20 at 21:10
5
5
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
1
1
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home
/home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.– Arch Stanton
Jun 20 at 21:17
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home
/home/old-arch before reinstalling the system (I have /home on its own partition and I don't format it), so that I could then have a new, pristine /home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a different arch.– Arch Stanton
Jun 20 at 21:17
1
1
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51
 |Â
show 7 more comments
4 Answers
4
active
oldest
votes
up vote
9
down vote
accepted
In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.
EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).
The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.
answered Jun 20 at 21:24
Lollen Jumplan
1709
add a comment |Â
up vote
21
down vote
If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
a:x:1002:1003::/home/b:/bin/bash
# cat /etc/shadow
a:...:17702:0:99999:7:::
a:...:17702:0:99999:7:::
If you try to log in as that user, you'll log in as the first match.
$ ssh a@<host>
Password:
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ pwd
/home/a
There will be no way to log in as the second user with the same name.
Note that Linux tracks users by their uid, not by their username.
It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
b:x:1001:1002::/home/b:/bin/bash
Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):
$ ssh a@host
Password: <a's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ ssh b@host
Password: <b's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
Both a and b are uid 1001 and will have access to the resources available to uid 1001.
edited Jun 21 at 12:36
mikemaccana
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
Note that I think even the most baselineuseraddwill throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit/etc/passwdand/etc/shadowwhich is very much Don't Try This At Home territory.
– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still callsetuidwith the second UID? Or evensudo -u '#<uid>' bash?
– jazzpi
Jun 21 at 12:46
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
add a comment |Â
up vote
3
down vote
I was considering to rename my home
/home/old-archbefore reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.
The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.
For similar reasons, anything using NFS will need to have a shared user database.
But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.
(Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.
Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)
answered Jun 21 at 9:14
ilkkachu
47.4k668130
add a comment |Â
up vote
1
down vote
Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.
A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).
Limits are the system for the user, and the partition for the file.
I say that just to clarify, to explain why things are what they are.
I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?
answered Jun 21 at 9:08
ypouplard
114
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
add a comment |Â
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
9
down vote
accepted
In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.
EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).
The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.
answered Jun 20 at 21:24
Lollen Jumplan
1709
add a comment |Â
up vote
9
down vote
accepted
In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.
EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).
The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.
answered Jun 20 at 21:24
Lollen Jumplan
1709
add a comment |Â
up vote
9
down vote
accepted
up vote
9
down vote
accepted
In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.
EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).
The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.
answered Jun 20 at 21:24
Lollen Jumplan
1709
In Unix, users are identified by their ID (uid), which must be unique (in the scope of the local system).
So even if it were possible to create 2 different users with the same name
(adduser on my system refuses to do this, see this question for further information Can separate unix accounts share a username but have separate passwords?), they would need to get different uids. While you may be able to manipulate files containing the user information to match your criteria, every program is based on the assumption that uids are unique on the system, so such users would be identical.
EDIT: The other answer demonstrated a case where you have 2 different user names for the same uid - as far as the system is concerned though, this is like having two different names for the same user, so constructs like this should be avoided if possible, unless you specifically want to create an alias for a user on the system (see the unix user alias question on
serverfault for more information on the technicalities).
The system uses these uids to enforce file permissions.
The uid and gid (group id) of the user the file belongs to are written into the metadata of the file. If you carry the disk to another computer with a different user that randomly shares the same uid, the file will suddenly belong to this user on that system. Knowing that uids are usually
not more than 16-bit integers on a unix system, this shows that the uids
are not meant to be globally unique, only unique in scope of the local system.
answered Jun 20 at 21:24
Lollen Jumplan
1709
edited Jun 21 at 14:12
answered Jun 20 at 21:24
Lollen Jumplan
1709
answered Jun 20 at 21:24
Lollen Jumplan
1709
answered Jun 20 at 21:24
Lollen Jumplan
1709
1709
add a comment |Â
add a comment |Â
up vote
21
down vote
If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
a:x:1002:1003::/home/b:/bin/bash
# cat /etc/shadow
a:...:17702:0:99999:7:::
a:...:17702:0:99999:7:::
If you try to log in as that user, you'll log in as the first match.
$ ssh a@<host>
Password:
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ pwd
/home/a
There will be no way to log in as the second user with the same name.
Note that Linux tracks users by their uid, not by their username.
It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
b:x:1001:1002::/home/b:/bin/bash
Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):
$ ssh a@host
Password: <a's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ ssh b@host
Password: <b's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
Both a and b are uid 1001 and will have access to the resources available to uid 1001.
edited Jun 21 at 12:36
mikemaccana
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
Note that I think even the most baselineuseraddwill throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit/etc/passwdand/etc/shadowwhich is very much Don't Try This At Home territory.
– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still callsetuidwith the second UID? Or evensudo -u '#<uid>' bash?
– jazzpi
Jun 21 at 12:46
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
add a comment |Â
up vote
21
down vote
If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
a:x:1002:1003::/home/b:/bin/bash
# cat /etc/shadow
a:...:17702:0:99999:7:::
a:...:17702:0:99999:7:::
If you try to log in as that user, you'll log in as the first match.
$ ssh a@<host>
Password:
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ pwd
/home/a
There will be no way to log in as the second user with the same name.
Note that Linux tracks users by their uid, not by their username.
It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
b:x:1001:1002::/home/b:/bin/bash
Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):
$ ssh a@host
Password: <a's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ ssh b@host
Password: <b's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
Both a and b are uid 1001 and will have access to the resources available to uid 1001.
edited Jun 21 at 12:36
mikemaccana
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
Note that I think even the most baselineuseraddwill throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit/etc/passwdand/etc/shadowwhich is very much Don't Try This At Home territory.
– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still callsetuidwith the second UID? Or evensudo -u '#<uid>' bash?
– jazzpi
Jun 21 at 12:46
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
add a comment |Â
up vote
21
down vote
up vote
21
down vote
If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
a:x:1002:1003::/home/b:/bin/bash
# cat /etc/shadow
a:...:17702:0:99999:7:::
a:...:17702:0:99999:7:::
If you try to log in as that user, you'll log in as the first match.
$ ssh a@<host>
Password:
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ pwd
/home/a
There will be no way to log in as the second user with the same name.
Note that Linux tracks users by their uid, not by their username.
It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
b:x:1001:1002::/home/b:/bin/bash
Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):
$ ssh a@host
Password: <a's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ ssh b@host
Password: <b's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
Both a and b are uid 1001 and will have access to the resources available to uid 1001.
edited Jun 21 at 12:36
mikemaccana
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
If you force there to exist multiple users with the same username, then there will be multiple entries in /etc/shadow,passwd with the same name:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
a:x:1002:1003::/home/b:/bin/bash
# cat /etc/shadow
a:...:17702:0:99999:7:::
a:...:17702:0:99999:7:::
If you try to log in as that user, you'll log in as the first match.
$ ssh a@<host>
Password:
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ pwd
/home/a
There will be no way to log in as the second user with the same name.
Note that Linux tracks users by their uid, not by their username.
It would be possible, however, to have two different usernames be the same user ID. Consider a different version of /etc/passwd:
$ cat /etc/passwd
...
a:x:1001:1002::/home/a:/bin/bash
b:x:1001:1002::/home/b:/bin/bash
Note that for both usernames a and b, the third column is 1001 -- that's the uid / user ID. Now, if user a or user b logs in (even with different passwords), they'll both be "user 1001", and show as user a from the OS' perspective. Here too, the first matching entry is the one returned (in most cases):
$ ssh a@host
Password: <a's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
$ ssh b@host
Password: <b's password>
$ id
uid=1001(a) gid=1002(a) groups=1002(a)
Both a and b are uid 1001 and will have access to the resources available to uid 1001.
edited Jun 21 at 12:36
mikemaccana
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
edited Jun 21 at 12:36
mikemaccana
881612
edited Jun 21 at 12:36
mikemaccana
881612
edited Jun 21 at 12:36
mikemaccana
881612
881612
answered Jun 20 at 21:22
Andy Dalton
4,7561520
answered Jun 20 at 21:22
Andy Dalton
4,7561520
answered Jun 20 at 21:22
Andy Dalton
4,7561520
4,7561520
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
Note that I think even the most baselineuseraddwill throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit/etc/passwdand/etc/shadowwhich is very much Don't Try This At Home territory.
– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still callsetuidwith the second UID? Or evensudo -u '#<uid>' bash?
– jazzpi
Jun 21 at 12:46
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
add a comment |Â
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
Note that I think even the most baselineuseraddwill throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit/etc/passwdand/etc/shadowwhich is very much Don't Try This At Home territory.
– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still callsetuidwith the second UID? Or evensudo -u '#<uid>' bash?
– jazzpi
Jun 21 at 12:46
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
why doesn't it check for duplicated usernames when creating a new one?
– phuclv
Jun 21 at 2:18
8
8
Note that I think even the most baseline
useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.– Shadur
Jun 21 at 7:35
Note that I think even the most baseline
useradd will throw a fit if you try to add an existing user, so by 'force' here Andy pretty much means 'manually edit /etc/passwd and /etc/shadow which is very much Don't Try This At Home territory.– Shadur
Jun 21 at 7:35
"There will be no way to log in as the second user with the same name." Couldn't you still call
setuid with the second UID? Or even sudo -u '#<uid>' bash?– jazzpi
Jun 21 at 12:46
"There will be no way to log in as the second user with the same name." Couldn't you still call
setuid with the second UID? Or even sudo -u '#<uid>' bash?– jazzpi
Jun 21 at 12:46
1
1
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
@jazzpi That might depend on one's definition of "log in". However, I could certainly see graphical login managers allowing this situation...
– Michael Kjörling
Jun 21 at 13:41
add a comment |Â
up vote
3
down vote
I was considering to rename my home
/home/old-archbefore reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.
The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.
For similar reasons, anything using NFS will need to have a shared user database.
But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.
(Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.
Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)
answered Jun 21 at 9:14
ilkkachu
47.4k668130
add a comment |Â
up vote
3
down vote
I was considering to rename my home
/home/old-archbefore reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.
The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.
For similar reasons, anything using NFS will need to have a shared user database.
But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.
(Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.
Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)
answered Jun 21 at 9:14
ilkkachu
47.4k668130
add a comment |Â
up vote
3
down vote
up vote
3
down vote
I was considering to rename my home
/home/old-archbefore reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.
The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.
For similar reasons, anything using NFS will need to have a shared user database.
But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.
(Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.
Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)
answered Jun 21 at 9:14
ilkkachu
47.4k668130
I was considering to rename my home
/home/old-archbefore reinstalling the system. I wondered if the new system would give me the old permissions on my files or if it would recognize me as a different arch.
If you have a single-user system and do a reinstall with the same, or a similar distribution, it's very likely that your user account will have the same user id, and hence be the same user from the kernel's perspective. For example, the user created during installation has been UID 1000 on Debian systems as far as I can remember. Other systems might use some other number, but it's very likely to be some small-ish integer that's the same on every install.
The same applies to other users too (if you have any) since the UIDs are usually allocated sequentially. The third user created is likely to have the same UID as the third user created on another system. You'd need to take steps beforehand to make sure that the UIDs aren't being reused on both systems.
For similar reasons, anything using NFS will need to have a shared user database.
But in this case, since it's your personal system you can just login as root and run chown newuser. -R /home/olduser even if the UID were to be different.
(Windows systems are different, they generate that longish ID string that's more random. There, if you move a disk to another machine, the files will be seen owned by an unknown user, and you won't have access without using administrator powers.
Also, I said "likely" a lot in the above. There's no telling if some distribution behaves differently. Modern Linux also supports 32-bit UIDs, so while that's not nearly as long as Windows SIDs, there's still some space to use if one wants to have e.g. randomized UIDs. Usually, there's not much use for that, though. The system administrator is supposed to know what disks they attach to the system and to adjust the file ownerships accordingly, or make the mountpoint inaccessible to other users.)
answered Jun 21 at 9:14
ilkkachu
47.4k668130
answered Jun 21 at 9:14
ilkkachu
47.4k668130
answered Jun 21 at 9:14
ilkkachu
47.4k668130
answered Jun 21 at 9:14
ilkkachu
47.4k668130
47.4k668130
add a comment |Â
add a comment |Â
up vote
1
down vote
Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.
A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).
Limits are the system for the user, and the partition for the file.
I say that just to clarify, to explain why things are what they are.
I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?
answered Jun 21 at 9:08
ypouplard
114
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
add a comment |Â
up vote
1
down vote
Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.
A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).
Limits are the system for the user, and the partition for the file.
I say that just to clarify, to explain why things are what they are.
I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?
answered Jun 21 at 9:08
ypouplard
114
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.
A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).
Limits are the system for the user, and the partition for the file.
I say that just to clarify, to explain why things are what they are.
I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?
answered Jun 21 at 9:08
ypouplard
114
Unix is a very old system, an era where storage capacities were very tiny, and everything — as well files as users — were identified by numbers. Names came later, after storage had grown a little bit.
A virtue of this system is that names are only labels hooked to the real handles: the numeric IDs. So you can have several names for one user (in editing /etc/passwd directly), as well as several names for one file (useful to store the file only once, but see it at several locations).
Limits are the system for the user, and the partition for the file.
I say that just to clarify, to explain why things are what they are.
I must confess I have never tried the opposite way — a same name with different IDs — I had always thought it was not possible. Is it? Not as a bug?
answered Jun 21 at 9:08
ypouplard
114
answered Jun 21 at 9:08
ypouplard
114
answered Jun 21 at 9:08
ypouplard
114
answered Jun 21 at 9:08
ypouplard
114
114
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
add a comment |Â
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
1
1
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
So are you saying that other file systems like NTFS or CIFS use usernames and not alphanumeric SIDS to store file owerships and permissions?
– Doug O'Neal
Jun 21 at 13:02
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
Not sure, but I believe it is the case, as alphanumeric SIDS did not exist when Windows was created — I still remember the day I bought Windows 286, which was the first graphic successor of MS-DOS …
– ypouplard
Jun 21 at 14:26
1
1
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
@DougO'Neal: NT SIDs have two formats: a textual representation, and a 12-byte binary form. AFAIK, NTFS uses the latter internally, so it still uses numbers to identify users -- just very big numbers. :)
– cHao
Jun 21 at 14:26
3
3
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
@ypouplard When Windows was created it was a single-user operating system. Didn't have any need to set file owership as the person sitting at the keyboard ruled all.
– Doug O'Neal
Jun 21 at 16:32
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f450973%2fhow-does-linux-identify-users%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
12
The simple answer is "it doesn't", because you're not supposed to have multiple users with the same username.
– Ignacio Vazquez-Abrams
Jun 20 at 21:06
6
UIDs, which are distinct from but usually associated with user names, are how this sort of thing is tracked. See the output of
ls -n.– DopeGhoti
Jun 20 at 21:10
5
"Send" is too nebulous an operation to answer the question. Permissions only apply to a single system (of arbitrary size).
– Ignacio Vazquez-Abrams
Jun 20 at 21:11
1
@IgnacioVazquez-Abrams This question actually came to my mind when I was considering to rename my home
/home/old-archbefore reinstalling the system (I have/homeon its own partition and I don't format it), so that I could then have a new, pristine/home/arch. I wondered whether I would retain the same permissions on my files, or if the system would recognize me as a differentarch.– Arch Stanton
Jun 20 at 21:17
1
I think the case you mention in your comment is interesting, about two users with the same username, but on different systems installed on the same machine, accessing the same files on a shared partition. Perhaps you could add it to the question?
– Time4Tea
Jun 20 at 21:51