From: pbrown@redhat.com Date: Sun, 29 Aug 1999 10:43:42 -0400 (EDT) To: lwn@lwn.net Subject: Red Hat 6.1 GID use In response to this weeks LWN capsule about Red Hat and our use of GIDs above 100: Red Hat has _always_ created _user_ accounts with an UID and GID above 500. The first user you add should have a UID of 501, and a GID of 501. If you take a look in /etc/login.defs on a fresh 6.0 install, or even a 5.x (and I believe 4.x) install, you will note that UID_MIN and GID_MIN are both set to 500. the 'useradd' and 'groupadd' commands both take note of this, and if they are not requested to create a 'system' account will not create entries with numbers below these thresholds. If they are, they create a number between 1 and the threshold, wherever it can find a free space. System Administrators in environments where user accounts exist BELOW these thresholds are strongly encouraged to modify the defaults so that they are lower. For instance, if you have been creating user groups in the 100+ range, you would set the GID_MIN to 100. This could probably benefit from improved documentation; I am not sure /etc/login.defs is mentioned in the current Getting Started Guide, but it should be if it isn't, and we will correct this. We can't simply choose fixed UIDs and GIDs for new system accounts when we are doing a system upgrade, because as you and the user who reported his problems have already noted, we don't know the state of the machine and may end up conflicting with locally made changes. Thus, we have to ask the tool to "take its best shot" at coming up with an acceptable UID/GID combination. In addition, the groupadd(8) manual page very clearly states that GIDs below 500 are "typically reserved for system accounts." I hope this clears up any confusion. --- Preston Brown Systems Engineer pbrown@redhat.com Red Hat, Inc.