
Recently, I was playing around with creating users and groups on my machine and observed a weird behaviour.

I created a user first and made that user the owner of a folder. Then I deleted that user and created another user. Now this new user became the owner of the folder.

How could this happen?

I think the ownership is assigned to the User’s ID and not the name.

How is the ID determined?

It takes the highest ID among the existing users, adds one to it, and assigns the result to the new user. For example, let's say I have users with IDs 1000 and 1001. When I delete the user with ID 1001 and create a new user, that user gets 1001 as its ID. If 1000 is deleted instead of 1001, the new user will get an ID of 1002.

I tried this on Ubuntu and SuSE so far and observed this on both. I agree that the system admin has to take care of restricting access to users so that they will know which folders the user has access to. So, when the user is deleted, the admin can take care of resetting/revoking permissions. But still, I'm thinking, isn't this a serious security issue? Because this newly created user got rights to a folder that was not intended. Shouldn't the system itself take care of allocating unique IDs to users? Any thoughts from anybody?
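The check an admin can run before creating an account, as an added example that is not part of the original post: it models the "highest ID plus one" allocation described above and lists the paths whose owner UID has no passwd entry, so ownership can be reset before the UID is reused. The function names, the UID range (1000 to 60000) and the passwd lines are assumptions constructed for illustration.

```python
import os

UID_MIN, UID_MAX = 1000, 60000  # assumed regular-user range; check /etc/login.defs

def parse_passwd(text):
    """Return {uid: name} from passwd-format text (name:x:uid:gid:...)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[int(fields[2])] = fields[0]
    return users

def next_uid(users, uid_min=UID_MIN, uid_max=UID_MAX):
    """Model of the allocation the post observed: highest UID in range + 1."""
    in_range = [u for u in users if uid_min <= u <= uid_max]
    return max(in_range) + 1 if in_range else uid_min

def orphaned_paths(root, users):
    """Map each UID that has no passwd entry to the paths under root it owns."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            uid = os.lstat(path).st_uid  # lstat: report the link, not its target
            if uid not in users:
                found.setdefault(uid, []).append(path)
    return found

def inherited_on_create(root, users, uid_min=UID_MIN, uid_max=UID_MAX):
    """Paths that the next account created would own without any chown."""
    return orphaned_paths(root, users).get(next_uid(users, uid_min, uid_max), [])

if __name__ == "__main__":
    # Constructed passwd content: bob (1001) has already been deleted.
    users = parse_passwd("root:x:0:0::/root:/bin/bash\n"
                         "alice:x:1000:1000::/home/alice:/bin/bash\n")
    print("next UID to be assigned:", next_uid(users))
    for uid, paths in orphaned_paths("/home", users).items():
        print(f"UID {uid} has no account but owns {len(paths)} path(s)")
    print("would be inherited:", inherited_on_create("/home", users))
```

On a live system the same orphan listing comes from `find / -xdev -nouser`; reassigning or removing those paths at deletion time closes the gap regardless of which UID is handed out next.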