From roottcsh@alano.diatel.upm.es  Thu Mar 16 09:34:47 1995
Received: from alano.diatel.upm.es ([138.100.49.9]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA13927 for <FreeBSD-gnats-submit@freebsd.org>; Thu, 16 Mar 1995 09:34:08 -0800
Received: (from root@localhost) by alano.diatel.upm.es (8.6.9/8.6.9) id SAA01942; Thu, 16 Mar 1995 18:34:00 +0100
Message-Id: <199503161734.SAA01942@alano.diatel.upm.es>
Date: Thu, 16 Mar 1995 18:34:00 +0100
From: roottcsh@alano.diatel.upm.es
Reply-To: jmrueda@diatel.upm.es
To: FreeBSD-gnats-submit@freebsd.org
Subject: all users imported from YP have UID 0
X-Send-Pr-Version: 3.2

>Number:         245
>Category:       misc
>Synopsis:       all users imported from YP have UID 0
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 16 09:40:00 1995
>Closed-Date:    Thu Mar 16 20:06:37 PST 1995
>Last-Modified:
>Originator:     Operator
>Release:        FreeBSD 2.0-RELEASE i386
>Organization:
>Environment:
YP/NIS served by a machine running SunOS 4.1.1.
FreeBSD machine (YP client) has the DES patches from skeleton.mikom.csir.co.za installed
	

>Description:
When YP is activated by adding the special "+" entry to the password database,
all users imported from YP have UID 0 and GID 0.
	

>How-To-Repeat:
Activate YP and add the special "+" entry to /etc/passwd (with vipw).
Then execute "id anyone". If that user exists in the YP/NIS database, it
will be listed with UID and GID 0, instead of its real UID and GID.

Also, if you attempt to "su" to it, you won't be able to, unless you are in group
wheel. If you attempt to log in as that user, you won't be allowed, unless the
terminal is secure. Of course, that means that any user listed in the YP
database that has access to a secure terminal can be root just by logging in with
his usual name and password.

	

>Fix:
Not known. This didn't happen under FreeBSD 1.1R.

	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: wpaul 
State-Changed-When: Thu Mar 16 20:06:37 PST 1995 
State-Changed-Why:  
There is no bug: the reason this is happening is that you have not
configured things correctly. To turn on client access to the passwd map,
you have to use vipw to add a line to /etc/master.passwd that says
'+:::::::::' (that's a plus sign and nine colons). Using just a
plus sign doesn't work.
>Unformatted:
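
Added example, not part of the original PR or of FreeBSD's code: a shell check for the misconfiguration discussed in this report. It flags "+" entries in a master.passwd-format file that lack the nine colons, and lists resolved accounts that come back with UID 0. The function names, the allow-list argument and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR. Function names and sample data are hypothetical.

# bad_plus_entries FILE
# FILE is in master.passwd format (ten colon-separated fields). Prints
# "lineno:entry" for every "+" entry that does not carry nine colons and
# returns 1 if any was found.
bad_plus_entries() {
    awk -F: '
        /^\+/ && NF != 10 { printf "%d:%s\n", NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# uid0_accounts ALLOWED_NAME...
# Reads resolved accounts in passwd(5) format (name:pw:uid:...) on stdin and
# prints every name with UID 0 that is not in the allow list.
uid0_accounts() {
    awk -F: -v allowed=" $* " '
        $3 == "0" && index(allowed, " " $1 " ") == 0 { print $1 }
    '
}

# Constructed sample data (hypothetical accounts, not taken from the PR).
sample_master_passwd() {
    cat <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/nonexistent
+
EOF
}
sample_resolved() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
EOF
}

tmp=$(mktemp)
sample_master_passwd > "$tmp"
bad_plus_entries "$tmp" || echo "malformed + entry: use '+:::::::::'"
sample_resolved | uid0_accounts root
rm -f "$tmp"
```

On a live system, feed `uid0_accounts` the accounts as the system actually resolves them (local file plus YP), not the raw local file.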



