12

The other day, I deleted a user from one of our servers. That user had the ID 1002.

Today, I've added a new user to the system. To my surprise, he got the user ID 1002. Because I neglected to delete the homedir of the deleted user, the new user now owns the homedir of the old user (as well as all other resources that were previously owned by 1002).

I would have assumed that user IDs are never reused to avoid any conflicts like this. Why are they recycled and should I care/take precautions?

1 Answer

16

When you delete a user, the user information is completely removed, so there is no direct information that that ID was ever used.

(The authoritative user information is stored in /etc/passwd, which is a simple list.)

To prevent this, either

  • force another ID when creating new users, or
  • keep the user entry around (just disable logins) as long as you haven't cleaned up the corresponding files. (find's -user and -nouser options help with this.)
CL.
    The default action is to use the next highest number found from reading /etc/passwd. So if you remove the last user added (which will have had the highest number) the next user created will reuse that number. – StarNamer Oct 29 '12 at 15:58
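
The answer's first option, forcing another ID, can be tied to the leftover-file check it mentions. The script below is an added example, not part of the original answer. It picks a UID above every `/etc/passwd` entry and above every UID that still owns files but has no entry. The function names, the 1000-60000 range, the use of GNU find's `-printf`, and the sample passwd lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: choose a UID for a new account that cannot collide with
# files left behind by a deleted account.
UID_MIN=1000     # assumed range for regular accounts
UID_MAX=60000

# Print the numeric owner of every file under DIR, de-duplicated.
# Relies on GNU find's -printf.
owner_uids() {
    find "$1" -xdev -printf '%U\n' 2>/dev/null | sort -un
}

# Read UIDs on stdin; print those with no entry in the passwd-format FILE.
# This is the condition find's -nouser tests against the live system.
orphan_uids() {
    awk -F: 'NR == FNR { known[$3] = 1; next }
             !($1 in known) { print $1 }' "$1" -
}

# Print the lowest UID above every entry in FILE and every orphan on stdin.
safe_next_uid() {
    { awk -F: '{ print $3 }' "$1"; orphan_uids "$1"; } |
    awk -v min="$UID_MIN" -v max="$UID_MAX" '
        $1 >= min && $1 <= max && $1 > top { top = $1 }
        END { print (top ? top + 1 : min) }'
}

# Constructed passwd contents: the account with UID 1002 has been deleted.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin
EOF
}

# Typical use on a real system (run as root, adjust the directory):
#   useradd -u "$(owner_uids /home | safe_next_uid /etc/passwd)" newuser
```

With the sample entries and files still owned by 1002, `safe_next_uid` returns 1003; with no orphaned files it returns 1002, the same ID the default allocation would hand out.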