I've noticed a bit of an interesting thing with regards to the numbering of new users and groups when using the useradd and groupadd (and luseradd / lgroupadd) commands.
Fresh system with no user accounts on it.
Create a group called "myfamily" using "groupadd myfamily" - the file /etc/group now has the entry "myfamily:x:500".
Create the user "brother" using "useradd brother" - the file /etc/passwd now has "brother:x:500:501::/home/brother:/bin/bash" and /etc/group has "brother:x:501"
As you can see the utilities have created the user brother with a userid of 500 and a groupid of 501. All the system accounts (and if you created any users before you created the group) will have the groupid equal to the userid. The unequal userid / groupid combo doesnt cause a problem as the home directory permissions created for the user are fine.
I've done a fair bit of work with user accounts / groups stored in OpenLDAP and have had to deal with referencing user accounts and changing permissions etc by the userid/groupid and not by the name and have found recently that the above behaviour has been causing me problems as I have been (stupidly?) assuming that the users groupid is the same as their userid and inadvertently granting group rights to the wrong user / group. Talk about creating myself a security problem!!!
Im interested to hear what other people think about this. I am just being pedantic :o) Does anyone think that the behaviour of these tools should be changed to utilise a user/group id that is unique within BOTH the passwd and group files? Has anyone encountered other issues as a result of this? If im encountering this problem should I just accept it and change my
login.defs file so all userids start at 500 and all groups at 1000.
By the way i'm using FC4 with the all the latest patches, I cant remember if this behaviour happened on earlier FCs or RHELs and I dont have any machines with these OSs handy to give it a quick test.
Cheers
Dave Brown
