DevHeads.net

User/Group ID assignment

Are there any guidelines regarding user and group id number assignment
on Fedora?

I'd like to add user/group for daemon, related to installed package, in
order to avoid running it as root. What numbers are already reserved and
where can I find up to date table with that numbers?

I see in my /etc/passwd that regular user accounts are assigned numbers
starting from 1000 (was it 500 on older systems?), 0-200 and 201-999 are
used by system accounts and packages like httpd, wireshark, etc.

I've found this [1] site but it looks outdated and incomplete because it
references FC5 and discussions pointed there are from 2005.

[1] <a href="https://fedoraproject.org/wiki/PackageUserCreation" title="https://fedoraproject.org/wiki/PackageUserCreation">https://fedoraproject.org/wiki/PackageUserCreation</a>

Mateusz Marzantowicz

Comments

Re: User/Group ID assignment

By Simone Caronni at 10/22/2013 - 07:38

Hello,

On 22 October 2013 13:25, Mateusz Marzantowicz < ... at osdf dot com.pl>wrote:

please read the packaging guidelines regarding user creation at rpm install
time:

<a href="http://fedoraproject.org/wiki/Packaging:UsersAndGroups" title="http://fedoraproject.org/wiki/Packaging:UsersAndGroups">http://fedoraproject.org/wiki/Packaging:UsersAndGroups</a>

As a rule of thumb, your user must be dynamically allocated and not deleted
after rpm uninstallation.
If you need a static UID you need to open a ticket to FPC.

Details in the wiki page.

Regards,
--Simone

Re: User/Group ID assignment

By Mikolaj Izdebski at 10/22/2013 - 07:32

On 10/22/2013 01:25 PM, Mateusz Marzantowicz wrote:
UIDs >= 1000 are reserved for users, < 1000 for system. System UIDs can
be allocated statically or dynamically. Static UID allocation can be
found in [1], to add a new UID you need to file a RFE against setup
package. Dynamic UID allocation is done from 999 downwards. You don't
need to reserve anything, but UIDs can very between systems.

[1] /usr/share/doc/setup/uidgid

Re: User/Group ID assignment

By Mateusz Marzantowicz at 10/22/2013 - 07:43

On 22.10.2013 13:32, Mikolaj Izdebski wrote:
Thanks, that is the list I was looking for. Is there any mechanism to
assign first available id from "less than 999" pool or should I manually
find the right number? I understand that dynamic assignment is done by
package manager, but I don't want to rebuild and reinstall rpm package
for now on.

Mateusz Marzantowicz

Re: User/Group ID assignment

By Mikolaj Izdebski at 10/22/2013 - 08:58

On 10/22/2013 01:43 PM, Mateusz Marzantowicz wrote:
Dynamic assignment is done by adduser tool. adduser -r will create user
with UID 999 if available, if not then 998 and so on. Basically adduser
-r chooses UIDs from SYS_UID_MIN to SYS_UID_MAX, as defined in
/etc/login.defs