Today I've created a new client together with a new site. Everything seemed to word right. When I was using "chown" to change change a file for the new created user I reconised, that the group was changed but the new ownername was different to that I was given to it. Than I had a look in passwd and there I could find that the given name was taken from a user which was created before and this user had the same UID as my new user. So o found that one UID was given to two differend users. At least I found three UIDs which were used by six users. Every UID started over 10.000. It seem to me, that ISPConfig does'nt check realy if a UID is allready given or not. That sounds like a security risk. How ISPC ist giving new UIDs and how could this story happen?
ISPConfig does not check the UID's and thats not nescessary as you never should create uids in ispconfigs range manually. thats why you can set a uid range in ispconfig that must be free of other users.
I've not set UIDs manualy but new users which were automaticly created by ISPConfig use identical UIDs as I could see. I my case I've installed ossec an HIDS system. And I realy was woundering myself how ISPConfig could create new users by taking UID just of ossec. Ossec is installed for security reasons but now a new ISPConfig users has got the identical right as ossec has ... Ossec was there at first. The new ISPConfig users at last. So I was thinking if it could be nessesery for ISPConfig to check the existing UIDs before it creates new users.
OSSEC was there installed before you installed ISPConfig? I doubt that because I do not know any linux distribution that has a default user range above 10000, they all begin at 1000. I guess you installed ossec with a userid in ISPConfigs range after ISPConfig was installed. Just to make it clear, the user ID range that you set in ISPConfig under management > settings must be free for ISPConfig to use and you should never add any users manyually within this range.
No. 1. ISPConfig was installed. 2. Ossec was installed and the specific UIDs were given. 3. ISPConfig was installed. 4. New users were created by ISPConfig with the same UID that were already used by ossec. As I can see whether ossec or ISPConfig checks allready given UIDs but both creates UIDs over 10.000. So it can happen that a new user created by ISPConfig is having the same UID as the ossec user is having.
