Bug 177721

Summary: Suboptimal automatic UID assignment when previous users have been removed
Product: [Fedora] Fedora
Reporter: n0dalus <n0dalus+redhat>
Component: system-config-users
Assignee: Nils Philippsen <nphilipp>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: medium
Version: rawhide
CC: sundaram
Hardware: All   
OS: Linux   
Fixed In Version: fc6
Doc Type: Bug Fix
Last Closed: 2007-02-08 11:29:09 UTC

Description n0dalus 2006-01-13 13:10:23 UTC
Description of problem:
Users added with system-config-users are assigned the earliest possible UID
given the restraints (e.g. >= 500).
Users created with useradd (shadow-utils) are assigned a UID within restraints
(e.g. >= 500) as well as greater than all the current UIDs.

This means that if the current UIDs on the system are 500,501,502 and 504 (503
has probably been deleted at some stage), system-config-users would add a new
user with UID 503, while useradd would create a new user with UID 505.

Apart from being inconsistent, the method used by system-config-users easily
creates a potential problem if users have been deleted. A new user will inherit
all the orphaned files of a deleted user. This has security implications.

It's also nicer when UIDs are in order of user creation.

Version-Release number of selected component (if applicable):
system-config-users-1.2.41-1.1
shadow-utils-4.0.14-1

How reproducible:
Always

Steps to Reproduce:
1. Create two new users
2. Delete the user with the lower UID (there should now be a gap in the UIDs)
3. Create a new user with useradd
4. Create another new user with system-config-users
  
Actual results:
useradd creates a user with UID higher than all current UIDs.
system-config-users creates a user with a UID in the gap. This user now owns all
of the just-deleted user's files.

Expected results:
system-config-users does the same thing as useradd in this regard.

Additional info:
This occurs on FC4 as well, with:
system-config-users-1.2.41-0.fc4.1
shadow-utils-4.0.12-6.FC4

Comment 1 Nils Philippsen 2006-04-27 15:02:45 UTC
I'm working on it, but I want to make this behaviour configurable.

Comment 2 Nils Philippsen 2006-04-28 10:18:43 UTC
NB: The proposed behaviour doesn't help at all if you delete the user with the
highest UID; you should always do your housekeeping when deleting users.

Comment 3 n0dalus 2006-04-28 11:17:23 UTC
I know, but there's still something to be said for doing things the same way as
the cli tools.

Thanks for working on it.

Comment 4 Nils Philippsen 2007-02-08 11:29:09 UTC
This should be fixed in current versions of system-config-users, closing.
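
The two allocation behaviours from the description, the highest-UID case raised in Comment 2, and a housekeeping check for files left behind by deleted accounts, as an added example that is not code from system-config-users or shadow-utils. The function names, the sample paths and `unclaimed_uid` are hypothetical, and the `useradd` model is simplified to what the report describes.

```python
import os

UID_MIN = 500  # lower bound quoted in the report; an assumption for other systems

def first_gap_uid(used, uid_min=UID_MIN):
    """Lowest free UID >= uid_min: the behaviour reported for system-config-users."""
    used = set(used)
    uid = uid_min
    while uid in used:
        uid += 1
    return uid

def max_plus_one_uid(used, uid_min=UID_MIN):
    """One above the highest UID in use: the behaviour reported for useradd.
    Simplified model: no upper bound (UID_MAX) is applied."""
    in_range = [u for u in used if u >= uid_min]
    return max(in_range) + 1 if in_range else uid_min

def file_owners(root):
    """Yield (path, owner_uid) for everything under root, not following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            yield path, os.lstat(path).st_uid

def orphaned(owners, account_uids):
    """Group paths by owner UID for owners that have no account."""
    accounts = set(account_uids)
    result = {}
    for path, uid in owners:
        if uid not in accounts:
            result.setdefault(uid, []).append(path)
    return result

def unclaimed_uid(used, orphans, uid_min=UID_MIN):
    """Hypothetical helper: lowest free UID that owns no leftover files."""
    return first_gap_uid(set(used) | set(orphans), uid_min)

if __name__ == "__main__":
    # Constructed sample data: the accounts from the report plus one leftover file.
    accounts = {500, 501, 502, 504}
    owners = [("/home/alice/todo", 500), ("/home/olduser/report.txt", 503)]
    left = orphaned(owners, accounts)
    print("first gap:", first_gap_uid(accounts), "would inherit", left.get(503))
    print("max + 1:", max_plus_one_uid(accounts))
    # Comment 2's case: the deleted account (503) had the highest UID.
    print("max + 1 after deleting highest:", max_plus_one_uid({500, 501, 502}))
    print("unclaimed:", unclaimed_uid({500, 501, 502}, left))
```

On a live system the same check is `orphaned(file_owners("/home"), {p.pw_uid for p in pwd.getpwall()})` after `import pwd`; any UID it returns should be cleaned up or reassigned before that number is handed to a new account.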