Bug 177721 - Suboptimal automatic UID assignment when previous users have been removed
Suboptimal automatic UID assignment when previous users have been removed
Product: Fedora
Classification: Fedora
Component: system-config-users (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Nils Philippsen
Depends On:
  Show dependency treegraph
Reported: 2006-01-13 08:10 EST by n0dalus
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-08 06:29:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description n0dalus 2006-01-13 08:10:23 EST
Description of problem:
Users added with system-config-users are assigned the earliest possible UID
given the restraints (eg >= 500).
Users created with useradd (shadow-utils) are assigned a UID within restraints
(eg >= 500) as well as greater than all the current UIDs.

This means that if the current UIDs on the system are 500,501,502 and 504 (503
has probably been deleted at some stage), system-config-users would add a new
user with UID 503, while useradd would create a new user with UID 505.

Apart from being inconsistent, the method used by system-config-users easily
creates a potential problem if users have been deleted. A new user will inherit
all the orphaned files of a deleted user. This has security implications.

It's also nicer when UIDs are in order of user creation.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create two new users
2. Delete the user with the lower UID (there should now be a gap in the UIDs)
3. Create a new user with useradd
4. Create another new user with system-config-users
Actual results:
useradd creates a user with UID higher than all current UIDs.
system-config-users creates a user with a UID in the gap. This user now owns all
of the just-deleted user's files.

Expected results:
system-config-users does the same thing as useradd in this regard.

Additional info:
This occurs on FC4 as well, with:
Comment 1 Nils Philippsen 2006-04-27 11:02:45 EDT
I'm working on it, but I want to make this behaviour configurable.
Comment 2 Nils Philippsen 2006-04-28 06:18:43 EDT
NB: The proposed behaviour doesn't help at all if you delete the user with the
highest UID, you always should do your housekeeping when deleting users.
Comment 3 n0dalus 2006-04-28 07:17:23 EDT
I know, but there's still something to be said for doing things the same way as
the cli tools.

Thanks for working on it.
Comment 4 Nils Philippsen 2007-02-08 06:29:09 EST
This should be fixed in current versions of system-config-users, closing.

Note You need to log in before you can comment on or make changes to this bug.