Re: username/uid restrictions


 



Ben Stringer wrote:
On Fri, 2005-12-02 at 10:31 +0000, T. Horsnell wrote:
'morning all,
I see from my new RHEL4 sysadmin guide that uid's up to 500 are
reserved for system use. When I first began setting up my
Unix userbase some 15 years ago, I unfortunately chose to start
at uid 100, so I now have to change the uid's of some 400 users,
36 million files, on a hundred or so boxes. OK, this is do-able
and should be more-or-less 'transparent to the user'.
(Since I'm going to make a change, should I start at 1000 and change
the lot? How reliable is the 500?)


Hi Terry,

I also ran into this problem recently, and it was easily fixed with a
change to /etc/login.defs. Just claim UID 100 onwards as yours!
If there are any clashes, change the system UID to something new, making
sure to modify the shadow and group files, and chown any files of the
old UID to the new UID.



The thing that concerns me more, is the plethora of reserved
usernames. There seems to be no rule to distinguish a reserved
username (presumably the list in the RHEL sysadmin guide is
going to grow) and it's only a matter of time before some
newly allocated name collides with one which has been given to
a user. In fact, I can't find anywhere what the rules are for
usernames. Character-set? How many chars?
Pity that reserved names aren't systematic in some way (like
always starting with sys_ or somesuch).



As all "system" users are added by RPMs (possibly with the exception of
root), you can query the RPM packages to find out if they create users.
Unfortunately, this looks to require some "roll-your-own" scripting.

This is not a solution to your problem, just some "tools" to make
dealing with it easier.

--- cut here ---
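# List every installed package whose RPM scriptlets call useradd.
rpm -qa | while read -r package
do
  # --scripts prints the package's install/uninstall scriptlets
  USERADDED=$(rpm -q --scripts "$package" | grep useradd)
  if [ -n "${USERADDED}" ]
  then
     echo "package $package added user using this line"
     echo "${USERADDED}"
     echo
  fi
done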

--- cut here ---

I'm not looking forward to the day when a new system-username
duplicates the username of one of the directors, which he has
had for the last 15 years, and which is also his email address held on mailing lists and institutions all over the place...

Any advice out there?


If you _really_ want to keep a username for a real user, just change the
system name to something else. In most cases, there should be no issue,
in some cases you may need to track down and modify other packages that
depend on a given username.

Cheers, Ben


I wouldn't change the start UID from 500; as old users are deleted, new users will be above 500, so this problem will slowly be corrected. Also, users can slowly be moved above 500 over time when we get those rare spare minutes. :)


Robin

