3

I'm trying the get owner's name of a Unix file using C. The only method I have found is to use stat() and then getpwuid(stat.st_uid). But, it only returns the first user name with that uid, where users in the password file can have the same uid. Obviously, this is unacceptable and cannot be trusted.

References:

Owner is recievd from password file: http://pubs.opengroup.org/onlinepubs/007904875/functions/getpwuid.html

Uid is found in password file: http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

Unix allow multiple users to have same uid: http://www.e-reading.org.ua/htmbook.php/orelly/networking/puis/ch04_01.htm

Is there an accurate way or a lower level way, some kind of look up table that would guarantee me accurate results?

Mat
  • 202,337
  • 40
  • 393
  • 406
cxx6xxc
  • 171
  • 8
  • 2
    How cannot this be trusted? In classical Unix permissions, the UID of the owner is indeed stored with the inode and yes, a UID can match several users. Also, it may not be in the password file, it depends on your nsswitch configuration on most modern Unix systems. – fge Dec 25 '12 at 08:51
  • I'm going by the information I have found on the internet to this point. I have read getpwuid() get's it's information from the password file. I have also read it takes the first uid it finds. More than one person can have the same uid. Have I got false information? – cxx6xxc Dec 25 '12 at 08:56
  • Here is says where it gets uid:http://pubs.opengroup.org/onlinepubs/007904875/functions/getpwuid.html – cxx6xxc Dec 25 '12 at 09:00
  • Here is says the uid is in the password file: http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/ – cxx6xxc Dec 25 '12 at 09:04
  • Here under section: 4.1.1 User Identifiers (UIDs) WE have evidence of Unix allowing same uid's: http://www.e-reading.org.ua/htmbook.php/orelly/networking/puis/ch04_01.htm – cxx6xxc Dec 25 '12 at 09:07
  • I'm confused, is there something I missed? – cxx6xxc Dec 25 '12 at 09:07
  • There is nothing you are missing, but on the other hand there really is nothing you can do about it either. Unacceptable or not, a UID can match several user entries in a password file, but other naming services will indeed not allow for it. – fge Dec 25 '12 at 09:21
  • But uid is not my question. Unix must go by something other than uid to determine ownership of a file, because I can have the same uid but not share it with another with my uid. – cxx6xxc Dec 25 '12 at 09:32
  • No, it goes by UID only, and matching that UID to a username depends on your nsswitch configuration. See `/etc/nsswitch.conf` and the `getent` command (service `passwd`). – fge Dec 25 '12 at 09:39
  • Maybe you're confusing GID with UID. Which users on your system have the same UID? I doubt that any normal login users share a common UID. – Nikos C. Dec 25 '12 at 09:48
  • No, not confusing. There are good reasons at time for users to have the same uid: http://www.e-reading.org.ua/htmbook.php/orelly/networking/puis/ch04_01.htm – cxx6xxc Dec 25 '12 at 09:54
  • I have also experience during user creation and deletion that a new user gains access to files of an old user because they are assigned the deleted users uid. Sort of like the landlord not changing the locks on the door? – cxx6xxc Dec 25 '12 at 09:56

2 Answers2

9

Unix file permissions work by using the UID. Usernames can't own files. Only UIDs can. So if a file belongs to a specific UID, than all users with that UID own the file.

So it doesn't matter which username you get, since all users with that UID own the file.

Nikos C.
  • 50,738
  • 9
  • 71
  • 96
  • My question is Owner, not uid. Somehow Unix identifies this accurately, and I'm guessing it doesn't search the password file. – cxx6xxc Dec 25 '12 at 09:11
  • @cxx6xxc The owner of a file is a UID. – Nikos C. Dec 25 '12 at 09:42
  • I mean the owners name. Somehow, a name is put on a file – cxx6xxc Dec 25 '12 at 10:00
  • @cxx6xxc Yes, through the passwd file. Which username will be picked if there are multiple ones, I don't know. But it doesn't matter anyway. – Nikos C. Dec 25 '12 at 10:50
  • Ok, I finally got it. I created two users bob and jim. bob was give 1003, jim 1004. I edited /etc/password to jim had 1003. jim then could not sign in. Logging in does name checking. I created sue (uid:1004), and she ended up owning jim's folder. So, you guys are right, just had to prove it to myself, because it just didn't make sense. For a moment, when I signed in as admin, before sue was created, jim's files weren't listed as a user, just a previously known uid in the spot in nautilus where a owner goes. It all makes sense,but seems to be a security flaw that should be fixed. – cxx6xxc Dec 25 '12 at 11:30
  • Perhaps a new user who inherits a privileged users files will also inherit their privileged groups? – cxx6xxc Dec 25 '12 at 11:35
  • 1
    @cxx6xxc There is no security flaw here, since only root can create new users, and new users always have a different UID unless root explicitly requests a custom UID. – Nikos C. Dec 25 '12 at 12:21
  • Point taken. But, Unix autoreassigns the the last users uid to the next user. The new user gains access to all their old files. I would consider that a security issue if sensitive data is in those files. Not entirely sure, but this would also work for guid and even be more dangerous when the new user now has escalated privileges from the previous user guid. – cxx6xxc Dec 26 '12 at 11:31
  • @cxx6xxc When a user account is deleted, it gets removed from all groups. `userdel` has an `-r` option which removes the user's home directory and the mail spool. Of course if the user had files somewhere else, they'll stay there. But its easy to find them. Also note that if the classic Unix permission scheme is not enough for someone, then an ACL setup might be a better choice. – Nikos C. Dec 26 '12 at 11:50
5

If you have multiple names associated with a single UID, you have multiple names associated with that UID. But as far as the kernel is concerned, all thoser names are aliases for the SAME user.

That is, the name is a purely human fiction and the only thing ever stored is the UID.

For example's sake, say we have two lines in /etc/passwd:

user:50:50:...
resu:50:50:...

This defines two mappings from username to UID. Internally, only the numeric UID is used to determine who "someone is", so if resu creates a file and sets the permissions to user:read/write, group:none, other:none, user can still read it, because as far as the kernel are concerned, they are the same user.

/the/example/file
  owner: 50
  group: 50
  permissions: rw-------

The only things stored in the file system, as far as ownership is concerned, is the numerical user ID and the numerical group ID. For mapping from numerical ID to human-friendly string, whatever is the first mapping found is the one used, because they're all identical.

In hort, don't give two users the same numerical ID, because if you do, you'e making life too hard on yourself.

Vatine
  • 20,782
  • 4
  • 54
  • 70
  • So if I create a file on a shared directory, and I change the permissions of the file so only I can read and write to it, then how does unix know the user with my uid can't read and write to it? – cxx6xxc Dec 25 '12 at 09:14
  • 1
    @cxx6xxc It knows that only users with the same UID as the one that owns the file should be allowed to read and write it. By default, users don't have the same UID, since that would make it impossible to distinguish between them. – Nikos C. Dec 25 '12 at 09:45