Avoiding duplicate short names – Apple Mac OS X Server (Administrator’s Guide) User Manual
Users and Groups
If Tony has a user record in his local directory domain that has the same names and password
as his record in the Students domain, the Students domain’s record for Tony would be
masked. Tony’s local domain should offer a name/password combination that distinguishes it
from the Students domain’s record. If the Students domain is not accessible (when Tony
works at home, for example), he can log in using the local name and continue using his
computer. Tony can still access local files created when he logged in using the Students
domain if the UID in both records is the same.
Duplicate short names also have undesirable effects in group records, described in the next
section.
Avoiding Duplicate Short Names
Since short names are used to find UIDs of group members, duplicate short names can result
in file access being granted to users you did not intend to give it to.
Return to the example of Tony and Tom Smith, who have duplicate short names. Assume that
the administrator has created a group in the root domain to which all students belong. The
group—AllStudents—has a GID of 2017.
Now suppose that a file, MyDoc, resides on a computer accessible to both Tony and Tom.
The file is owned by a user with the UID 127. It has read-only access privileges for
AllStudents. Tom is not a member of AllStudents, but the short name in his user record,
“tsmith,” is the same as Tony’s, who is in AllStudents.
[Figure: access privileges for MyDoc, with labels Faculty, Tony’s computer, and Tom’s computer.
Owner 127 can: Read & Write. Group 2017 can: Read only. Everyone else can: None.]
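
The scenario above as an added example (not part of the original manual): a simplified Python model in which a group's member short names are turned into UIDs by searching each computer's own directory domains, plus an audit that lists short names mapping to more than one UID. The UIDs 1001 and 2002, the search paths, the function names, and the placement of Tom's record in a Faculty domain are assumptions made for illustration.

```python
# Simplified model (assumption): a group record stores member short names, and
# each computer turns those names into UIDs by searching its own domain path.
from collections import defaultdict

# Constructed sample records: domain -> {short name: UID}. The UIDs and the
# placement of Tom's record in a "Faculty" domain are assumed for illustration.
DOMAINS = {
    "Students": {"tsmith": 1001},   # Tony
    "Faculty": {"tsmith": 2002},    # Tom
    "root": {},
}
GROUPS = {"AllStudents": {"gid": 2017, "members": ["tsmith"]}}
MYDOC = {"owner": 127, "gid": 2017,
         "owner_perm": "rw", "group_perm": "r", "other_perm": ""}

def resolve_uid(short_name, search_path):
    """Return the UID of the first record matching short_name on the path."""
    for domain in search_path:
        uid = DOMAINS[domain].get(short_name)
        if uid is not None:
            return uid
    return None

def group_uids(group, search_path):
    """Expand a group's member short names into UIDs as seen from one computer."""
    uids = {resolve_uid(n, search_path) for n in GROUPS[group]["members"]}
    return uids - {None}

def access(uid, doc, search_path):
    """Return the permission string the file grants to uid."""
    if uid == doc["owner"]:
        return doc["owner_perm"]
    for name, group in GROUPS.items():
        if group["gid"] == doc["gid"] and uid in group_uids(name, search_path):
            return doc["group_perm"]
    return doc["other_perm"]

def duplicate_short_names(domains=DOMAINS):
    """Audit: short names that map to different UIDs in different domains."""
    seen = defaultdict(dict)
    for domain, users in domains.items():
        for name, uid in users.items():
            seen[name][domain] = uid
    return {n: d for n, d in seen.items() if len(set(d.values())) > 1}

if __name__ == "__main__":
    print("Tony:", repr(access(1001, MYDOC, ["Students", "root"])))
    print("Tom: ", repr(access(2002, MYDOC, ["Faculty", "root"])))
    print("Duplicates:", duplicate_short_names())
```

Running the audit across every domain before adding a user to a group shows which short names need to be changed to keep group membership unambiguous.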