Hello Olivier and Daniel,
I've been bugged by the thought of the multiple user names for one
user id - I've never thought about it and have never considered the
possibility.
In Linux tools (see any Debian based system, command "useradd")
there is an option to allow multiple user names per id, but it has
to be requested specifically. I believe there is a good reason for
this. Most systems needing sophisticated access levels (some private
files, some shared files, and some files readable by a daemon only),
build their security around *groups* and hand out group memberships
to users.
I have found an interesting and indepth article on Unix/Linux system
security. Especially this page is of interest: http://www.lst.de/~okir/blackhats/node23.html
It states that the kernel only knows about user ids and the notion
of user names is just a convenience for the user. So, if you have a
tool like ISPConfig creating user names with the same user id you're
in effect creating the same set of permissions at the kernel level -
this sounds very dangerous if you're granting shell access to those
users.
I've read through the article on setuid programmes (http://www.lst.de/~okir/blackhats/node22.html
) and it seems absolutely possible that a user id is mapped to
multiple user names. So if jailkit (specifically jk_chrootsh) goes
ahead and checks user names outside and inside the jail match (as it
does now), this seems to be the best thing that can be done, seeing
that different usernames can be mapped to the same id. And security
is paramount in jailkit.
I will follow up this line of thought on the jailkit-dev list, as I
will get into more technical details.