Does the root account always have UID/GID 0?

77470
Tanaki

On all the Linux systems I have managed, the root account has a GID and UID of 0. Is this guaranteed, or is it possible for a system to give root other IDs?

39
ID 0 has all the rights. The actual name (or names -multiple-) may differ. For example, on my server there are two uid 0 users. One is called "root", the other "toor". Hennes 10 years ago 3

3 answers

71
a CVn

There are actually two parts to your question.

Does the superuser account always have uid/gid 0/0 on Linux?

Yes. As is pointed out by Rich Homolka in a comment, there's code in the kernel which explicitly checks for uid 0 when needing to check for the root user, which means that root always has at least uid 0.

Is the name of the user account with uid 0 always root?

No. root is just a name, listed in /etc/passwd or some other authentication store. You could just as well call the account admin, and the OS itself won't care, but some applications might not quite like it because they expect there to exist a privileged account named root. Calling the uid 0 account on a *nix root is a very strongly held convention, but it isn't required by the system (though it may be required by certain userland software, possibly including system administration utilities).

It's also worth noting that, as pointed out by Simon Richter, on BSDs there often exists a second uid 0 account, by convention named toor (which is "root" spelled backwards, and also lexically comes after root in a list sorted alphabetically). For example, FreeBSD uses it to provide a root user with a customized shell setting, leaving the root user with a default shell which is guaranteed to exist on the system's root partition (useful for recovery purposes).

There is code in the kernel that checks for root, uid == 0. Yes, it is hard-coded and permanent. Rich Homolka 10 years ago 13
BSD usually has `root` and `toor`, both with UID 0. Simon Richter 10 years ago 0
@SimonRichter In that case a superuser account named `root` exists, so there is no problem unless the authentication store libraries get confused by two users with the same UID (in which case the BSDs wouldn't do it that way, or the libraries would be fixed). a CVn 10 years ago 0
14
Rich Homolka

1) the administrator is always uid == 0. This is coded in the kernel. It would take some coding in the kernel to change this. There's not much point to this, so it's not done. For example, it would be inconsistent for other unixes sharing the same NFS for example.

2) uid 0 does not necessarily map to root. The best example is FreeBSD. It has two uid == 0 accounts, the difference being the shell. root has shell /bin/sh, which is a simple shell, useful for when your disks are bad and you need fsck /usr. toor uses tcsh, which is much more useful in non-emergency situations, since it has things like history, etc.

Another, more personal example; one job I had where they had a root equiv (i.e. uid=0) account over NIS. The password, blank! Because the new sysadmin couldn't remember the root password on the machines. I yelled about this for obvious reasons (NIS passwords by definition can not hide their blankness). I was not happy about this account.

And it really isn't the system that gives uid 0 is root, it's you. You change this by using passwd files, or other naming directories (NIS, ldap) but it's not compiled in. Though you should have at least one uid 0 account in /etc/passwd, since you may not have networking when you really need it.

So root is always uid 0, but uid 0 is not necessarily always root.

Oh, the pain of choosing only one accepted answer... Tanaki 10 years ago 1
@Tanaki As a rule, "accept" the answer that helped you most in answering your question, and upvote all the answers you found helpful. Nothing says you have to accept the highest-voted or the first-written answer. a CVn 10 years ago 4
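Both answers above make the same operational point: privilege follows UID 0, not the name `root`. As an added example (not part of either answer), this shell function lists every UID 0 entry in a passwd-format file and flags extra names and empty password fields; the function names, flag strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every passwd entry whose UID is 0, whatever its name.
# Usage: audit_uid0 PASSWD_FILE [SHADOW_FILE]
# Output: name<TAB>shell<TAB>flags   (flags is "ok" when nothing stands out)
audit_uid0() {
    awk -F: '
        /^#/ || NF == 0 { next }                 # skip comments and blank lines
        pass == 1 { hash[$1] = $2; shadowed[$1] = 1; next }   # shadow file
        $3 ~ /^0+$/ {                            # passwd file: UID field is 0
            flags = ""
            if ($1 != "root") flags = flags ",not-named-root"
            pw = $2
            # "x" means the real password field lives in the shadow file
            if (pw == "x" && shadowed[$1]) pw = hash[$1]
            if (pw == "") flags = flags ",EMPTY-PASSWORD"
            printf "%s\t%s\t%s\n", $1, $7, (flags == "" ? "ok" : substr(flags, 2))
        }
    ' pass=1 "${2:-/dev/null}" pass=2 "$1"
}

# Constructed sample files (not taken from any real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Charlie &:/root:/bin/sh
toor:x:0:0:Bourne-again Superuser:/root:/bin/tcsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
recovery:x:0:0:constructed uid 0 alias:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
toor:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
recovery::19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_uid0 "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live host, pass `/etc/passwd` and (as root) `/etc/shadow`; saving the output of `getent passwd` to a file and auditing that also covers entries served from NIS or LDAP, where the directory allows enumeration.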
0
Nuxwin

Well, for systems that use a NonStop server, ROOT_UID is not 0 but 65535.

OSS users and groups: The OSS environment does not provide the common UNIX user names and user IDs by default unless they are explicitly created by the site administrator. However, equivalent OSS user names and user IDs exist. For example, the privileges normally associated with the UNIX user name root and user ID 0 exist for OSS user ID (UID) 65535 (the super ID), which is the user SUPER.SUPER and its aliases.

See https://h20195.www2.hpe.com/V2/GetPDF.aspx/4AA4-6316ENW.pdf

In coreutils you can find this header file, root-uid.h:

```c
/* The user ID that always has appropriate privileges in the POSIX sense.

   Copyright 2012-2016 Free Software Foundation, Inc.

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.

   Written by Paul Eggert. */

#ifndef ROOT_UID_H_
#define ROOT_UID_H_

/* The user ID that always has appropriate privileges in the POSIX sense. */
#ifdef __TANDEM
# define ROOT_UID 65535
#else
# define ROOT_UID 0
#endif

#endif
```
