4

On unix systems, each separate user account has a unique username. Passwords, then, are not unique - every distinct user could have the same exact password.

I want to do the converse. I want one username, but I want that login name to have multiple passwords. Depending on the password, you would either be logged into a different account (with a different UID) or you would simply have a different home directory.

The goal is for two separate entities to share the same username but have their files be separate - in this case, file permissions between different UIDs are less important.

Any thoughts on how to accomplish this, or something like it? Some abuse of /etc/shadow or PAM?

Is this something that could be accomplished by writing a PAM module (I've never written one before. Is it very very hard?)

  • 1
    To be honest, this sounds like a perfect job for sudo. You can have a username which has all the privileges the other users can have access to, but restrict who can actually access what in the sudoers file. – nopcorn Dec 12 '11 at 07:24
  • 3
    Why do you want to do that? – user unknown Dec 12 '11 at 07:34
  • 3
    It might help if you explain what the goal is -- why do you want two accounts with the same username but different UIDs? – Michael Mrozek Dec 12 '11 at 07:35
  • 1
    I want multiple people to think that they're logging on as the same user when in fact they are not. As an example, my parents want my username+password, and rather than setting up a fake account for them, how about I set a fake password instead? (s/my parents/friend of mine who is in a similar pickle) – poundifdef Dec 12 '11 at 07:37
  • In a more general case, I could set up a honeypot which lets me log in, but a nefarious user's actions could be recorded and not affect system changes. – poundifdef Dec 12 '11 at 07:40
  • 2
    In the case of your parents, I'd politely ask whose machine this is -- and if it's their machine, I'm afraid your options boil down to comply or get a machine of your own. In the latter case, there are ways to set up a honeypot but this isn't one of them. As far as I know there is no way to do this on unix systems -- or on most others I'm aware of for that matter. – Shadur-don't-feed-the-AI Dec 12 '11 at 13:27
  • 2
    What about just having your real username as something they wouldn't expect, and having the username they expect as a honeypot? – Chris Down Dec 12 '11 at 13:38

4 Answers

10

I don't believe that's possible. You could have two entries in /etc/passwd with the same user names but different UIDs, but the system would probably just ignore the second one (or misbehave in some way); arguably such an /etc/passwd file would be considered corrupt.

When you login to the system, you're first prompted for your user name. Once you've done that, the system prompts for your password, and checks whether the entered password matches the password for the account corresponding to that user name. By the time you're entering your password, the system has already determined what account you're trying to access.

I suppose you could modify various pieces of the system to get the behavior you want, but you'd have to replace several different pieces of software, including anything that authenticates and authorizes users (console login, su, ssh, and whatever other methods are enabled). Any mistakes would likely open huge gaping security holes.

EDIT : Based on the comments, PAM is probably the way to do this. I'm not familiar enough with PAM to go into more detail. (It's still a really bad idea.)

  • 1
    Making a mistake isn't needed for said security hole. What if one of those users wants to change their password, and chooses the same one as the other user by coincidence? With conflicting usernames, there's no issue because the password is unknown. The same isn't true if the usernames are the same. – Izkata Dec 12 '11 at 15:02
  • 1
    For the most part, on a semi-recent system, "anything that authenticates and authorizes users" is PAM. What to prompt for is basically up to PAM. Also, PAM is what handles password changes, so, you could deal with it. – derobert Dec 12 '11 at 17:15
3

I haven't double-checked the API docs to be absolutely sure, but you can probably find a way to do this with PAM. It probably isn't even that hard. You may even be able to do it with the existing PAM modules.

Not that you should. There are a lot of things which basically assume a name maps to one and only one user id. For example, getpwnam in the C library. I'd certainly not want this on any system I have to maintain; I expect random breakage would be routine.

Also, this doesn't really get you much towards your/your friend's goals: first, if you have physical access to a PC, obtaining root is easy; second, it won't actually fool anyone—it'll be obvious that things are missing (why is document X missing, why is there no web browser history, why are there no Firefox extensions, why are the modify and access times on all files ancient, etc.)

derobert
  • 109,670
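The two answers above both rest on the same fact: a name-to-account lookup such as getpwnam(3) returns one entry, so a second /etc/passwd line with the same user name is unreachable by name. The following added example (not code from the thread or from any of its authors) parses a constructed passwd file the way the `files` NSS source does, first match wins, and includes the audit check a maintainer would run to catch duplicate names or UIDs, which is what pwck(8) reports. The sample entries, the `shared` user and its UIDs are all constructed for this example.

```python
"""Added example: first-match-wins lookup over a passwd file, plus an audit
for duplicate user names and UIDs. The sample file below is constructed."""
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

try:
    import pwd  # POSIX-only; used for the live-system lookup helper
except ImportError:  # e.g. Windows
    pwd = None


class PasswdEntry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str


# Constructed sample: 'shared' appears twice with different UIDs, which is
# exactly the "two entries with the same user name" case from the answer.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
shared:x:1001:1001:Shared user:/home/shared:/bin/bash
shared:x:1002:1002:Second shared:/home/shared2:/bin/bash
alice:x:1003:1003:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd(5) lines: name:pw:uid:gid:gecos:home:shell."""
    entries: List[PasswdEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
    return entries


def lookup_by_name(entries: List[PasswdEntry], name: str) -> Optional[PasswdEntry]:
    """First match wins, as getpwnam(3) does with the 'files' source.
    A later entry with the same name can never be reached by name."""
    for entry in entries:
        if entry.name == name:
            return entry
    return None


def find_duplicates(entries: List[PasswdEntry]) -> Dict[str, list]:
    """Audit check: names or UIDs that occur more than once.
    Either condition makes name<->UID mapping ambiguous and is what
    pwck(8) flags on a real system."""
    names = Counter(e.name for e in entries)
    uids = Counter(e.uid for e in entries)
    return {
        "names": sorted(n for n, c in names.items() if c > 1),
        "uids": sorted(u for u, c in uids.items() if c > 1),
    }


def system_lookup(name: str) -> Optional[int]:
    """Same lookup against the live system through the C library."""
    if pwd is None:
        return None
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    hit = lookup_by_name(entries, "shared")
    print("lookup 'shared' ->", hit)            # only UID 1001 is reachable
    print("duplicates:", find_duplicates(entries))
    print("live 'root' uid:", system_lookup("root"))
```

Run it against a copy of a real passwd file by replacing `SAMPLE_PASSWD` with the file's contents; an empty `names` and `uids` list from `find_duplicates` is the healthy state.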
2

I think the double login could be done with two (or more) PAM authentication backends. For example, if using LDAP and normal passwd/shadow user login, if the password entry fails a few times for the first method, then PAM falls back to the second.

At least this was what I encountered some years ago when we used this same setup.

Whether this would mean that different user IDs would be used, I can't say, but perhaps yes, because LDAP could map the same username to a different user ID.

But anyway this would mean that you would have to create failed logins (2 or 3 times if I remember correctly) every time you want to log in to your machine. So it's not that comfortable a hack.

But nevertheless this would generate the same problems as mentioned above by others, as the system would search for everything in the primary backend, so it will give back the info for the fake login.

Tylla
  • 60
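The fallback this answer describes comes from PAM's control flags: a first backend marked `sufficient` that rejects the password is simply ignored, and the next module in the stack runs. The added example below (not code from the thread or from Linux-PAM itself) is a small model of how an `auth` stack evaluates `required`, `requisite`, `sufficient` and `optional`, including the default-deny that applies when no module gives a definite answer. It also models the point made about the primary backend: the UID comes from the first NSS source that knows the name, regardless of which PAM module accepted the password. The two backends, their password tables, the `shared` user and the UIDs are constructed stand-ins for pam_unix.so and pam_ldap.so; no real PAM module is called.

```python
"""Added example: a simplified model of PAM auth-stack control flags and of
NSS name->UID resolution, built with constructed backends."""
from typing import Callable, Dict, List, Optional, Tuple

# Constructed password tables standing in for the two backends.
LOCAL_DB: Dict[str, str] = {"shared": "local-secret"}   # pam_unix.so role
LDAP_DB: Dict[str, str] = {"shared": "ldap-secret"}     # pam_ldap.so role


def pam_unix(user: str, password: str) -> bool:
    return LOCAL_DB.get(user) == password


def pam_ldap(user: str, password: str) -> bool:
    return LDAP_DB.get(user) == password


# Model of this stack fragment (constructed, but the syntax is pam.d's):
#   auth  sufficient  pam_unix.so
#   auth  required    pam_ldap.so
Stack = List[Tuple[str, Callable[[str, str], bool]]]
STACK: Stack = [("sufficient", pam_unix), ("required", pam_ldap)]


def run_auth_stack(stack: Stack, user: str, password: str) -> Tuple[bool, List[str]]:
    """Evaluate the simple control flags the way Linux-PAM does:
    required:   failure is remembered, later modules still run
    requisite:  failure ends the stack immediately
    sufficient: success ends the stack with success unless a required
                module already failed; failure is ignored
    optional:   counts only if nothing else gave an answer
    No definite answer at all is a denial (PAM's must-fail default).
    Returns (authenticated, names of the modules actually consulted)."""
    verdict: Optional[bool] = None   # None = nothing decisive yet
    consulted: List[str] = []
    for flag, module in stack:
        consulted.append(module.__name__)
        ok = module(user, password)
        if flag in ("required", "requisite"):
            if not ok:
                verdict = False
                if flag == "requisite":
                    break
            elif verdict is None:
                verdict = True
        elif flag == "sufficient":
            if ok and verdict is not False:
                return True, consulted   # later modules never run
            # a rejected 'sufficient' module is ignored: fall through
        elif flag == "optional":
            if ok and verdict is None:
                verdict = True
        else:
            raise ValueError(f"unknown control flag {flag!r}")
    return verdict is True, consulted


# Constructed NSS databases in 'passwd: files ldap' order. Identity comes from
# the first source that knows the name, whichever backend checked the password.
NSS_SOURCES: List[Tuple[str, Dict[str, int]]] = [
    ("files", {"shared": 1001}),
    ("ldap", {"shared": 5001}),
]


def resolve_uid(name: str) -> Optional[Tuple[str, int]]:
    """First NSS source wins, like getpwnam(3) over nsswitch.conf order."""
    for source, db in NSS_SOURCES:
        if name in db:
            return source, db[name]
    return None


if __name__ == "__main__":
    for pw in ("local-secret", "ldap-secret", "wrong"):
        print(pw, "->", run_auth_stack(STACK, "shared", pw))
    print("uid for 'shared' ->", resolve_uid("shared"))   # files wins: 1001
```

The last line is the practical point: even when the LDAP password is the one accepted, the session still gets UID 1001 from the `files` source, so the second identity never materialises unless the NSS order is changed as well.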
1

In theory, that's possible, but it's generally a bad idea, which explains why you won't find any ready-made program for it.

What you're asking for is to have separate accounts with the same publicly visible identity. Since they are separate accounts, they have distinct true identities. Presented this way, it can be sensible (with the private identities used for permissions and in logs). I can't think of anything existing at the general user authentication level.

However, I don't think this can meet your goals that one of the users would believe they are using a shared account. You would need to do a lot more than pretend that your user name is the same: you would need to fake file sharing (if they delete a file then realize you're still using it, the jig is up), login times and so on. At this point, you might as well use a different user name.

So create an account for yourself, and create another shared account which you only pretend to use. For better separation, create these accounts in separate virtual machines (e.g. using LXC).