CentOS 7 UIDs



  • I'm reading a book on CentOS 7, and it is discussing user creation and UIDs. It specifies that, when creating the user, you can set the UID, but suggests that you should never use a UID less than 500. You should only use 500 and above.

    My question is, why is this significant? Is this range from 0 (I am assuming to start at 0) to 499 reserved for root or system processes or something else?

    Part of the Adventures into Learning CentOS 7 series


  • Service Provider

    Convention. You can use numbers however you like, but convention has always been that under 500 is reserved for system services and over 500 is open for normal "log in" users. It's so you don't have to go looking through random IDs to find accounts. But at the end of the day, it is purely a convention and not something intrinsic to any part of the platform.


  • Service Provider

    An important value to this convention is that you can be confident that installing Apache, for example, on one server is not going to randomly grab a UID above 500 that you might want to have used as a user standard across your environment.



  • @NerdyDad You've got it.

    Root is almost always zero, with system accounts being assigned numbers starting with 1. A quick example from my jumpbox:

    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    chrony:x:997:995::/var/lib/chrony:/sbin/nologin
    

    That's on a CentOS 7 install where user accounts start at 1000. Different distributions start user accounts at different places with 500 and 1000 being the most common.



  • I look at it the same way standard ports are used. You can usually use whatever you want, but kind of the same reasons you shouldn't.


  • Service Provider

    @Tim_G said in CentOS 7 UIDs:

    I look at it the same way standard ports are used. You can usually use whatever you want, but kind of the same reasons you shouldn't.

    I like that.


  • Service Provider

    @Tim_G said in CentOS 7 UIDs:

    I look at it the same way standard ports are used. You can usually use whatever you want, but kind of the same reasons you shouldn't.

    Ah, but I do not change ports. The bots will try the SSH protocol on all of them anyway. Once it finds the one that answers, it will be added to some hacker's database of known working IP/port combos and go up for sale.

    Yeah, it can clean up the log a bit just because of the sheer amount of bots that hit 22. But still you have to mitigate the same way, with things like fail2ban, SSH keys, and IP restrictions.



  • Picture from my passwd file.
    0_1493668614105_UID.PNG

    Normally I wouldn't do this, but since this is isolated from the rest of the world for now...



  • All of the RHEL/CentOS 7 stuff I've used has started at 1000. Identity Management sets users in a random range around 1,000,000,000.
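
Added example, not part of any post in the thread: a small audit that reads the regular-user floor (UID_MIN) from login.defs-format text and checks passwd entries against the convention discussed above. The function names are hypothetical, and the root, backup, toor and alice entries and the login.defs values are constructed sample data; the tss, sshd, postfix and chrony lines are the ones quoted in the thread.

```python
# Added example. Constructed sample data, except the four lines quoted in the thread.
LOGIN_DEFS = "# /etc/login.defs format\nUID_MIN   1000\nUID_MAX  60000\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:997:995::/var/lib/chrony:/sbin/nologin
backup:x:498:498::/home/backup:/bin/bash
toor:x:0:0::/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def uid_min(login_defs_text, default=1000):
    """Return UID_MIN, the first UID useradd gives to regular users."""
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "UID_MIN":
            return int(fields[1])
    return default


def audit(passwd_text, first_user_uid):
    """Split accounts into system/users and list entries that break the convention."""
    report = {"system": [], "users": [], "findings": []}
    seen = set()
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            report["findings"].append(("malformed", line))
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        report["system" if uid < first_user_uid else "users"].append(name)
        if uid == 0 and name != "root":
            report["findings"].append(("extra-uid0", name))
        if uid in seen:
            report["findings"].append(("duplicate-uid", name))
        seen.add(uid)
        # An empty shell field means /bin/sh, so it counts as a login shell.
        if 0 < uid < first_user_uid and shell not in NOLOGIN:
            report["findings"].append(("system-login-shell", name))
    return report


if __name__ == "__main__":
    # On a real host: open("/etc/login.defs").read() and open("/etc/passwd").read()
    for kind, name in audit(PASSWD, uid_min(LOGIN_DEFS))["findings"]:
        print(kind, name)
```

Calling audit() with a hard-coded floor of 500 instead of the value read from login.defs would list chrony (UID 997) as a regular user, which is why the floor is read from the host rather than assumed.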

