Red Hat Bugzilla – Bug 177721
Suboptimal automatic UID assignment when previous users have been removed
Last modified: 2007-11-30 17:11:20 EST
Description of problem:
Users added with system-config-users are assigned the earliest possible UID
given the restraints (eg >= 500).
Users created with useradd (shadow-utils) are assigned a UID within restraints
(eg >= 500) as well as greater than all the current UIDs.
This means that if the current UIDs on the system are 500,501,502 and 504 (503
has probably been deleted at some stage), system-config-users would add a new
user with UID 503, while useradd would create a new user with UID 505.
Apart from being inconsistent, the method used by system-config-users easily
creates a potential problem if users have been deleted. A new user will inherit
all the orphaned files of a deleted user. This has security implications.
It's also nicer when UIDs are in order of user creation.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create two new users
2. Delete the user with the lower UID (there should now be a gap in the UIDs)
3. Create a new user with useradd
4. Create another new user with system-config-users
useradd creates a user with UID higher than all current UIDs.
system-config-users creates a user with a UID in the gap. This user now owns all
of the just-deleted user's files.
system-config-users does the same thing as useradd in this regard.
This occurs on FC4 as well, with:
I'm working on it, but I want to make this behaviour configurable.
NB: The proposed behaviour doesn't help at all if you delete the user with the
highest UID, you always should do your housekeeping when deleting users.
I know, but there's still something to be said for doing things the same way as
the cli tools.
Thanks for working on it.
This should be fixed in current versions of system-config-users, closing.