UID-Ranges needed

Support for security such as Firewalls and securing linux
Post Reply
defekt!
Posts: 3
Joined: 2018/08/29 13:43:58

UID-Ranges needed

Post by defekt! » 2018/08/29 13:59:15

I am looking for UID-Ranges for CentOS are these different to RHEL7? Is there a list available of all UIDs and corresponding names?
UID0 is always root but from 1 to 500 or 1 to 1000 are some differences even in RHEL6/7 belonging the service UIDs, this also affects the 'normal' user accounts starting at 501 or 1001 !?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: UID-Ranges needed

Post by TrevorH » 2018/08/29 14:05:47

CentOS is rebuilt from the same SRPMs used to build RHEL so should be identical in all respects except for branding and logos and RHN/Subscription Manager.

You can expect differences between el6 and el7 as they are about 4 years apart and many things changed. Among the changes was the shift of the first non-system uid from 500 to 1000.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: UID-Ranges needed

Post by tunk » 2018/08/29 14:42:46

On CentOS 5 I did create local users with UIDs 500-1000, and these have been transferred to a CentOS 7 system.
Is this a problem as long as they don't use the same UIDs as system created ones (polkitd, unbound, colord etc.)?
Or is it advisable to give them new UIDs?

Edit: After looking at /etc/group I guess the same is true for GIDs as well?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: UID-Ranges needed

Post by jlehtone » 2018/08/29 14:55:17

Further note that a package of a service can add (system) groups and users on installation. The addition can, but does not have to use explicit uid/gid. If it does not, then next available values in range are used.

In other words, you can have two RHEL7 where same services have been installed in different order, and their "list of system uids" will differ.


That said, if you have (user) entries in the "system range" and a service package requires explicit, conflicting id, then you have a problem.

Did you "upgrade" from CentOS 5, or will you "migrate" users and their data to the new system?
I.e. are there filesystems that will be mounted to the new OS and that have the old uid's?
Bank vault full of backup tapes of user data?

If not (much), then update the ID's.

defekt!
Posts: 3
Joined: 2018/08/29 13:43:58

Re: UID-Ranges needed

Post by defekt! » 2018/08/30 07:12:38

TrevorH wrote:
2018/08/29 14:05:47
CentOS is rebuilt from the same SRPMs used to build RHEL so should be identical in all respects except for branding and logos and RHN/Subscription Manager.

You can expect differences between el6 and el7 as they are about 4 years apart and many things changed. Among the changes was the shift of the first non-system uid from 500 to 1000.
This is what I expected and you're right about the shifting of UIDs from 500 to 1.000 of RHEL6 to 7.
Thanks mate.

RHEL6/7 0 root Reserved for use by RHEL6
RHEL6 1-499 system accounts Reserved for use by RHEL6
RHEL6 500- users normal users

RHEL7 1-999 system accounts Reserved for use by RHEL6
RHEL7 1000- users normal users

Post Reply