3

I'm going to try out Solaris 11, and was wondering why the default UIDs for new users are so ridiculously high - e.g. starting at 65534 and then dropping downwards (65533, 65532, ...)? Is there a good reason for this? I know of course that such high numbers are "negative", and are commonly used for unprivileged users like the nobody-user... but these are normal privileged users.

Wouldn't it be more logical to start at some much lower value (e.g. 1000) and count upwards (1001, 1002, ...)? Is there any good reason not to do this?

What do more pro Solaris administrators do when they assign UIDs to their users?

Any documents/sources explaining the reason for the default numbering scheme?

  • I'm surprised by this 'default'. The documentation actually seems to suggest avoiding UIDs above 60,000, due to incompatibility issues. It also says that 100 -- 60,000 is available for regular user accounts. See http://char.tuiasi.ro/doace/solaris/solaris-sysadmin-guide/ch07/212-215.html. – ire_and_curses Dec 19 '12 at 04:14

3 Answers

3

Sounds like something in your environment created a higher than expected uid, so it just started working from there.

The Solaris 11.1 useradd man page states:

The UID defaults to the next available (unique) number above the highest number currently assigned. For example, if UIDs 100, 105, and 200 are assigned, the next default UID number will be 201.

alanc
  • 2,994
2

Just guessing, but this sounds like a way to avoid a conflict between low-numbered "standard" user IDs and local UIDs. Local UIDs count down from a maximum value, and system UIDs count up from the minimum, with near-zero chance they'll ever collide.

(I only once used a system with more than 64K normal users on a single machine, and that was back in the days before LDAP.)

The common 1-1000 scheme you refer to has a couple of problems:

  1. You burn any as-yet-unused values. You have to reserve more than you think you'll ever need.

  2. If you guess wrong, you have a forward-compatibility problem. I've used *ixes that had a threshold of 500 in one version, then 1000 in the next, doubtless because someone decided they had run out of standard UIDs, or were in danger of it.

Warren Young
  • 72,032
1

I would not say 65534 is a ridiculously high number. It is not that much negative (the standard doesn't state if uid_t is 16 or 32 bits, nor does it say if it is signed or unsigned) and is still pretty low compared to Solaris's allowed range. I would probably only object if useradd had picked 2147483647, the highest user ID number supported by Solaris. I'm perplexed by 65534 having been chosen in your case, given the fact that it should already have been set as the legacy NFS anonymous user.

In any case, I do not reproduce what you describe:

# cat /etc/release
                             Oracle Solaris 11.1 X86
  Copyright (c) 1983, 2012, Oracle and/or its affiliates.  All rights reserved.
                           Assembled 19 September 2012
# tail /etc/passwd
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
unknown:x:96:96:Unknown Remote UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
aiuser:x:61:61:AI User:/:
pkg5srv:x:97:97:pkg(5) server UID:/:
jlliagre:x:100:10:jlliagre:/home/jlliagre:/usr/bin/ksh
# 
# useradd foo
# tail -2 /etc/passwd
jlliagre:x:100:10:jlliagre:/home/jlliagre:/usr/bin/ksh
foo:x:101:10::/export/home/foo:/usr/bin/bash

This is consistent with the useradd manual page, which states: The UID defaults to the next available (unique) number above the highest number currently assigned.

jlliagre
  • 61,204
  • I was using the "User Manager" from System->Administration. – Baard Kopperud Dec 19 '12 at 08:15
  • 1
    That would have been worth mentioning in your question. Almost everyone is using either useradd or centralized (NIS or LDAP) user management. The documentation doesn't mention how the "automatic" user ID is computed with the User Manager panel. http://docs.oracle.com/cd/E26502_01/html/E29010/gltjf.html#gmadn . I'll later try to see if I reproduce this issue. – jlliagre Dec 20 '12 at 07:35
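
An added example (not from any of the posts above, and not Solaris's own code): a Python audit of passwd content that flags accounts sharing a UID and accounts above the 60,000 limit mentioned in the comment on the question. The alice and bob accounts are hypothetical, and the suggested next UID (one above the highest in the 100 to 60000 range) is an assumption that matches the 101 in the transcript, not useradd's actual logic.

```python
from collections import defaultdict

# Range for regular accounts as quoted in the comment on the question.
REGULAR_MIN, REGULAR_MAX = 100, 60000
# Reserved high entries visible in the /etc/passwd listing in the last answer.
RESERVED_HIGH = {"nobody": 60001, "noaccess": 60002, "nobody4": 65534}

# Constructed sample: four lines from the listing above plus two hypothetical
# accounts (alice, bob) numbered the way the question describes.
SAMPLE = """\
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
jlliagre:x:100:10:jlliagre:/home/jlliagre:/usr/bin/ksh
alice:x:65534:10::/export/home/alice:/usr/bin/bash
bob:x:65533:10::/export/home/bob:/usr/bin/bash
"""

def parse_passwd(text):
    """Return [(name, uid)] for well-formed seven-field passwd lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            entries.append((fields[0], int(fields[2])))
    return entries

def audit(text):
    """Return (findings, suggested_uid) for the given passwd content."""
    entries = parse_passwd(text)
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    findings = []
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            # Accounts sharing a UID are one identity for file ownership checks.
            findings.append(f"duplicate uid {uid}: {', '.join(names)}")
    for name, uid in entries:
        if uid > REGULAR_MAX and RESERVED_HIGH.get(name) != uid:
            findings.append(f"{name}: uid {uid} above {REGULAR_MAX}")
    regular = [u for _, u in entries if REGULAR_MIN <= u <= REGULAR_MAX]
    # Assumption: suggest one above the highest UID in the regular range,
    # or None when that would leave the range.
    start = max(regular, default=REGULAR_MIN - 1) + 1
    return findings, (start if start <= REGULAR_MAX else None)

if __name__ == "__main__":
    findings, suggested = audit(SAMPLE)
    print("\n".join(findings))
    print("suggested next uid:", suggested)
```

On the sample, alice is reported twice: once for sharing 65534 with nobody4, and once for sitting above the regular range.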