by LegionMammal978 412 days ago
One thing I was surprised to learn a couple years ago is that users and groups aren't really tracked much by the Linux kernel: they're just numeric IDs that track process and file ownership. So if you setuid() to a user ID that doesn't exist in /etc/passwd or anywhere else, the kernel won't stop you.

If I have a file on machineA with uid 10001 and I copy the file to machineB, I might want it to retain that uid, but it shouldn't matter to machineB that it doesn't map to a real user.
Hopefully that user actually doesn’t exist on the second machine!
You’ll see this observation all the time building containers.
Don't if you only run them with root user.
or with ipa-esque authentication schemes and shared mounts
And NFS!
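
The thread's point, that ownership is only a numeric ID which the local user database may or may not be able to name, can be audited after a copy, image build or NFS mount. This is an added example, not part of any comment above; the function names and the injectable `uid_known`/`gid_known` resolvers are assumptions made for illustration.

```python
import grp
import os
import pwd
import sys


def uid_has_name(uid):
    """True if the local user database (/etc/passwd, LDAP via NSS, ...) knows this UID."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def gid_has_name(gid):
    """True if the local group database knows this GID."""
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False


def find_unmapped_owners(root, uid_known=uid_has_name, gid_known=gid_has_name):
    """Return sorted (path, uid, gid) for entries whose owner or group has no local name."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    uid_ok, gid_ok = {}, {}  # cache results: name lookups can be slow over a network
    findings = []
    for path in paths:
        try:
            st = os.lstat(path)  # lstat reports a symlink's own owner, not its target's
        except OSError:
            continue  # entry vanished or is unreadable; skip it
        if st.st_uid not in uid_ok:
            uid_ok[st.st_uid] = uid_known(st.st_uid)
        if st.st_gid not in gid_ok:
            gid_ok[st.st_gid] = gid_known(st.st_gid)
        if not (uid_ok[st.st_uid] and gid_ok[st.st_gid]):
            findings.append((path, st.st_uid, st.st_gid))
    return sorted(findings)


if __name__ == "__main__":
    for path, uid, gid in find_unmapped_owners(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{uid}:{gid}\t{path}")
```

An entry reported here is not necessarily harmless: if an account is later created with that number, it becomes the owner of the file.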