On Tue, Mar 3, 2015 at 6:50 PM, P. Larry Nelson <[email protected]> wrote: > > Thanks Chris for the info on login.defs. I did not realize that > file existed. Other than the occasional rants on this list, I pretty > much learn something new every day, and I've been at this a long time. >> >> On 03/03/2015 04:44 PM, Chris Schanzle wrote: >>> On 03/03/2015 03:33 PM, P. Larry Nelson wrote: >>> That used to happen in the old days before >>> system-config-users pretty much kept generated UIDs/GIDs well out >>> of the range that an installed piece of software might use. >>> I believe the rule is now that real people users get a UID > 500 >>> and installed apps (like ntop, UID:103, GID:160) use UIDs < 500, >>> but I don't know if that's a hard and fast rule with apps or not. >>> I do the same thing with any local group I create - give it a >>> GID > 500. >> >> The authoritative source used by useradd (perhaps others) is >> /etc/login.defs: >> >> grep ^UID_MIN /etc/login.defs >> UID_MIN 500 >> >> Historically it was UID >= 500 (note 500 was the first), in recent >> Fedora's and EL7, it's now 1000: >> >> grep ^UID_MIN /etc/login.defs >> UID_MIN 1000 >> >> >> Note new systems also have min/max values for system accounts in >> login.defs: >> >> # Min/max values for automatic uid selection in useradd >> # >> UID_MIN 1000 >> UID >> # System accounts >> SYS_UID >> SYS_UID_MAX 999 > > So, as I understand this, login.defs is only used by useradd (which > I assume system-config-users must invoke)? > > What is to govern (other than perhaps some sort of gentleman's > agreement in the app world) what UID/GID an application decides > to grab upon install? > > I used the ntop app as an example in a previous post under the > previous thread and noted that it grabbed UID:103, GID:160. > What's to prevent an app from grabbing a UID and GID > 500 > (or 1000 in newer releases)?
UIDs between 0-200 are allocated statically: /usr/share/doc/setup-*/uidgid UIDs between 201-999 are allocated dynamically; from "/etc/login.defs": # # Min/max values for automatic uid selection in useradd # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 201 SYS_UID_MAX 999 # # Min/max values for automatic gid selection in groupadd # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 201 SYS_GID_MAX 999
