getpwuid vs. getpwnam
John Cecere
John.Cecere at Sun.COM
Sat Dec 4 03:53:11 EST 2004
Bob,
Thanks for the response. See embedded comments.
Bob Proulx wrote:
>John Cecere wrote:
>
>
>>Please respond directly.
>>[...]
>>After building and installing openssh, I was having trouble getting my
>>RSA authentication to work. In investigating it, I noticed that it was
>>attempting to use /.ssh/id_rsa.pub as my public key file instead of
>>/export/home/rjohn/.ssh/id_rsa.pub.
>>
>>
>
>Confused here. Do you mean id_rsa or id_rsa.pub? I would have
>expected you to say id_rsa here and not the .pub file.
>
>
Yes. I meant the private key file. My mistake. My point was that it was
looking in the wrong directory.
>
>
>>Wouldn't it be more appropriate to use something like
>>getpwnam(getenv("LOGNAME")) instead ?
>>
>>
>
>That would definitely break a lot of my scripts. We also have
>multiple root users here. But we rely upon the fact that the file
>~root/.ssh/id_rsa is the one and only root identity file.
>
>Wouldn't it be reasonable to use the -i option?
>
> ssh -i ~bob/.ssh/id_rsa somehost ...
>
>That allows you to use whatever identity file you wish to use.
>
>
I would think that it would make more sense to use the home directory of
the intended user. Using the user name (not the uid) as the basis of
determining the home directory of the user is something that unix
programs have done since I started working with unix 20 years ago. If
you look at other commands in unix (e.g. telnet, rlogin, ftp, etc.),
they all use the username as the basis for determining the home
directory for their configuration files, which is why I've never had a
problem with them. I'm actually a little surprised that ssh doesn't do
this as well. Before encountering this issue, I just assumed it was a
given that a program would use the logged in user's home directory, and
not something else. I guess it all comes down to whether or not you
consider an alternate root account to be a separate user from root
itself. I think it should be treated this way for a few reasons. An
alternate account for a specific uid is usually set up so that an
alternate environment can be used. That environment is tied to the
alternate account's home directory (.profile, .bash_profile, etc.). All
the shells that I know of use the home directory listed in /etc/passwd
for that user and not the home directory for the first uid associated
with the account that it finds in /etc/passwd. Also, the fact that there
is a separate /etc/passwd entry for it implies a separate user with a
separate environment.
There's another thing that puts a wrench into this. What would happen if
you didn't list root as the first entry in /etc/passwd ? There's nothing
that says that you have to. If your alternate root account was listed
before root in /etc/passwd, ssh would always use the alternate root
account's home directory, even if you logged in as root itself. So with
the current scheme that ssh employs, order becomes important in
/etc/passwd when it shouldn't be. Now granted, most people don't go
around mixing up their /etc/passwd and moving the root entry elsewhere,
but what about non-root alternate accounts ? Say you have several users
with the same uid of (say) 500. ssh will always use the home directory
of the first account it finds. An example of this would be Hylafax. It
installs a fax user with the same uid as uucp, but with a separate home
directory.
>>Since the login program itself (in both Linux and Solaris) sets
>>LOGNAME, it's a reasonably safe assumption that it will get set
>>correctly.
>>
>>
>
>Some systems say LOGNAME. Some systems say USER.
>
>
Most say LOGNAME. Some say both. The login program in Linux and Solaris
uses LOGNAME only to determine the home directory.
>Bob
>
>
Thanks,
John
--
John Cecere
Sun Microsystems
732-302-3922 / john.cecere at sun.com
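
Added example, not part of the original message and not OpenSSH code: a sketch of a lookup that honours LOGNAME only when that account's uid equals the caller's uid, falling back to the first entry for the uid otherwise, so the variable can pick among accounts sharing a uid without letting a user name someone else's home directory. The passwd data is constructed (only rjohn and /export/home/rjohn come from the thread), and `find_entry` and `home_for` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed passwd data: rjohn shares uid 0 with root, fax shares uid 5 with uucp. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:Super-User:/:/sbin/sh\n"
    "rjohn:x:0:0:John (alt root):/export/home/rjohn:/bin/bash\n"
    "uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/sh\n"
    "fax:x:5:5:Hylafax:/var/spool/fax:/bin/sh\n"
    "bob:x:500:500:Bob:/home/bob:/bin/bash\n";

/* Match by name if name != NULL, otherwise return the FIRST entry with this uid
 * (the order-dependent behaviour the thread describes). Returns the uid or -1. */
static long find_entry(const char *db, const char *name, long uid,
                       char *home, size_t homesz)
{
    char n[64], h[256];
    long u;
    for (const char *p = db; p && *p; ) {
        /* name:passwd:uid:gid:gecos:home:shell (the sample has no empty fields) */
        if (sscanf(p, "%63[^:\n]:%*[^:\n]:%ld:%*d:%*[^:\n]:%255[^:\n]", n, &u, h) == 3
            && (name ? strcmp(n, name) == 0 : u == uid)) {
            snprintf(home, homesz, "%s", h);
            return u;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Use LOGNAME's entry only when its uid equals the caller's real uid, so the
 * variable selects among aliases of one uid but cannot name another user. */
const char *home_for(long uid, const char *logname)
{
    static char home[256];
    if (uid >= 0 && logname &&
        find_entry(SAMPLE_PASSWD, logname, 0, home, sizeof home) == uid)
        return home;
    if (find_entry(SAMPLE_PASSWD, NULL, uid, home, sizeof home) >= 0)
        return home;
    home[0] = '\0';               /* no entry for this uid */
    return home;
}

int main(void)
{
    printf("uid 0, no LOGNAME     -> %s\n", home_for(0, NULL));
    printf("uid 0, LOGNAME=rjohn  -> %s\n", home_for(0, "rjohn"));
    printf("uid 500, LOGNAME=root -> %s\n", home_for(500, "root"));
    return 0;
}
```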