I have been learning Linux for the past few months and just recently started with Bash programming.
Using scripts it is possible to find users with duplicate UIDs, but is there any way or script by which duplicate UIDs can be prevented altogether?
Using the command-line utility 'adduser' you will avoid duplicate UIDs. In fact, even the lower-level 'useradd' should avoid it. Someone on your system may have used 'vipw' or otherwise manually edited /etc/passwd and associated files.
Thanks for the reply but my question is from a System Administrator's point of view. Securing (Hardening) Linux.
Is there a way to prevent duplicate IDs? A system-level policy?
I'm wondering from what perspective you took my answer to be. Only administrators have access to those tools, and those tools, using their defaults, do indeed enforce that policy.
Ah, shouldn't have posted so soon. I guess what you're asking is "is there a way to prevent myself from shooting myself in the foot"?
Just off the top of my head, implementing /etc/passwd and /etc/shadow as symlinks to dynamic "files" implemented by a user filesystem (FUSE) could possibly work, at a tremendous cost in added complexity and possibility of subterfuge. Let's say you implemented it using some type of database, with the UID being a primary key; an administrator could remove the primary key attribute from the field, and you'd be back with the original problem.
Some problems are better solved by policy rather than technology. Of course, you could put /etc and anything else you want unchangeable on DVD or other write-once media, but then any time you wanted to change something you'd have to burn a new disk.