Equivalent uid to root

Hi all
I have a strange problem on one of my AIX machines. We have created a user called testroot with the same UID as root (uid=0) by changing the uid of that user in the /etc/passwd file. I know that this is a security breach but this is a test system.
Now the strange thing that happens is that when I run

su - 

to get the root prompt and then run

id

the command says that the id of the current user is testroot and NOT root, although having a uid of 0.
Strangely enough, when I try to do some root tasks with that user, like changing the password of another user on a HACMP cluster, I am faced with an error message that only root can do this.
To my surprise, now even if I log on to the system with username root and the root password and run

id

it says that I am logged in as testroot!
Of course the only solution to this problem was to change the uid of that user to something else to regain my root privileges.
But still this is a very weird problem. Does anybody have a clue why this behavior occurs?
Thanks a lot in advance

It should depend on the order the users are in the passwd file.

# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
postgres:x:0:4003:Postgres owner:/home/postgres:/bin/bash
 
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk)
 
(change order in passwd file...)
 
# head -2 /etc/passwd
postgres:x:0:4003:Postgres owner:/home/postgres:/bin/bash
root:x:0:0:root:/root:/bin/bash
 
# su -
# id
uid=0(postgres) gid=4003(postgres) groups=4003(postgres) 

Thanks, Scott. I've already checked that. Actually the first entry in the passwd file is root and testroot is way near the end of the file.

The user accounting in AIX is a bit more complicated than you seem to assume: there is not only "/etc/passwd" but also "/etc/security/passwd", similar for groups. In addition some information might be stored in the ODM. You have to change these files and make sure their contents match somehow, otherwise inconsistencies can be expected.

Without complete information I am left to guesses, but first I would check this and make sure the user database is consistent with itself.

The problem about "only root can do that" is probably caused by sloppy programming: usually the system uses numeric UIDs and these are only translated to names via consulting "/etc/passwd" for human convenience (quite like IP addresses are translated via "/etc/passwd"). Some utility might, instead of sticking to this convention, use user names instead of IDs though.

I hope this helps.

bakunin
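
An audit sketch for the two checks raised in the replies above, added here as an example and not posted by anyone in the thread: it lists accounts that share a UID, in the file order the second reply points at, and reports accounts present in only one of "/etc/passwd" and "/etc/security/passwd". The sample file contents, function names and report keys are constructed for illustration; the ODM is not examined.

```python
from collections import defaultdict

# Constructed sample data in AIX layouts; not taken from the thread's machines.
SAMPLE_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
appuser:!:205:1::/home/appuser:/usr/bin/ksh
testroot:!:0:0::/home/testroot:/usr/bin/ksh
"""
SAMPLE_SECURITY_PASSWD = """\
root:
\tpassword = <placeholder>

testroot:
\tpassword = <placeholder>
"""

def parse_passwd(text):
    """Return [(name, uid)] in file order, skipping comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def shared_uids(entries):
    """Map every UID held by more than one account to its names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def stanza_names(text):
    """Stanza headers are unindented lines of the form 'name:'."""
    return {l.rstrip()[:-1] for l in text.splitlines()
            if l.rstrip().endswith(":") and not l[0].isspace()}

def audit(passwd_text, security_text):
    """Report shared UIDs and accounts present in only one of the two files."""
    names = {name for name, _ in parse_passwd(passwd_text)}
    stanzas = stanza_names(security_text)
    return {"shared_uids": shared_uids(parse_passwd(passwd_text)),
            "no_stanza": sorted(names - stanzas),
            "no_passwd_entry": sorted(stanzas - names)}

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_SECURITY_PASSWD))
```

On a real system, pass the contents of the two files to `audit()`; any UID 0 entry in `shared_uids` other than root alone is worth investigating.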