Years ago when I first installed Linux, /etc/login.defs set UID_MIN to 500, so I ended up with a user ID close to that. But now the value is 1000, so every time I install a new system I have to be careful to specify my existing user ID so I don't end up with 1000.

I've experienced difficulties interacting between networked PCs when my user had a different ID on the two machines (can't remember exactly what). So I'm careful to always keep them all the same.

Is there any advantage to changing them all to a number above 1000? Why was it changed? Is there any software package that installs a system account user ID above 500 that might clash?

I usually use Fedora Linux, though I've experimented with a number of others and this seems to be consistent across the field.

asked 20 Dec '13, 12:06

KenJackson's gravatar image

KenJackson
5113
accept rate: 0%

edited 21 Dec '13, 17:32

jeremy's gravatar image

jeremy ♦♦
1.0k1516




There is no particular advantage to changing your UID, though it might simplify things if you are trying to keep several machines consistent.

The limit was increased primarily to bring the distro in line with other distros (https://lists.fedoraproject.org/pipermail/devel/2011-May/151663.html), although the base core specifications still only require the space below 500 to be reserved (http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/uidrange.html).

Apart from some reserved UIDs, system accounts below 500 are allocated automatically, so the limit of 500 would only matter if you had an unusually large number of these, not on any particular package.

The difficulties you may have experienced with inconsistent UIDs might be if you were sharing drives between several computers (eg networked or external drives). File ownership is based on the UID, not on user names. If you need consistency, you would either set UIDs manually, or run a more centralized authentication system.

link

answered 08 Jan '14, 07:11

neonsignal's gravatar image

neonsignal
212
accept rate: 0%

No, but not for the reason you think. The vast majority of distros automatically allocate any account created with useradd, STARTING at 500. Fedora talked about changing their limit to starting at 1000 back in F16. This is a part of a number of dumbass moves they've made in the past, and largely why I moved away from them, and back to CentOS. They seem to be on this path of changing shit just for the sake of changing it.

If you're trying to standardize users, you can do a couple of things. First would be to manually set the UID. Second would be to modify login.defs. Third would be to keep a master /etc/passwd file, and then just copy that in place before any user creation. The only accounts that use the login.defs values, are accounts created with useradd, that don't manually set the UID. Reserved ID's were set as 0-100, or used to be, there was some talk of moving to 0-200 for reserved back in F16 but I don't know if they actually did it. Dynamic account creation has started at 500 and moved up, for easily the past 5 years. It did used to start at 500 and move down but that was way back in the FedoraCore days.

For example, Apache uses useradd, and sets the value manually at 48. Splunk uses useradd and lets the OS choose the UID, and so it gets the next available value over 500. I'm not sure if fedora is forcing user account creation on build, but if it's not, you can login with the root account, modify login.defs, and then create your user. This would put you back at Fedora pre 2012.

The only benefit to keeping it at 1000, is that you run a smaller risk of running into another program/user that has specifically set their UID to a number over 1000.

RHEL, and CentOS both have kept their UID values as starting at 500 with a limit of 6000, as have most distros. However if you wanted to be absolutely sure not to run into another user, you could go north of 6000 ;-)

Hope this helps.

-Rob

link

answered 14 Jan '14, 18:24

rfelsburg's gravatar image

rfelsburg ♦
6061618
accept rate: 25%

edited 14 Jan '14, 18:25

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×90
×1
×1
×1

Asked: 20 Dec '13, 12:06

Seen: 7,628 times

Last updated: 14 Jan '14, 18:25

powered by OSQA