This is more of a question than a request. I am starting to encounter maintenance hassles with /etc/passwd due to ongoing account removals/adds. The UIDs are approaching 999, which I understand to be the upper limit; however, there are many gaps between 100 > 999 from accounts that have been removed. I would much prefer if the UIDs in my passwd file looked like:
rather than the current file which is more like:
Firstly, is it a good idea to try to "compress" the gaps out of the UIDs so that the highest UID is immediately prior to the first available UID? If so, is there an easy way to do this?
Any opinions/advice welcome.
Currently my adds are done via a script which grabs the highest UID and starts inserting users in sequence upwards from that UID. Obviously, I'm screwed if the highest UID is already at 999. I suppose the other solution would be to smarten up the script to find the earliest gap in the UIDs and insert there, but I still like the idea of having a nice clean passwd file for other tasks like user auditing.
Depends on your system, but if there is a limit, it's probably not 999. It shouldn't matter anyway, as it ought to be able to use the gaps. What is your system?
Well uname -a says:
Linux fxxx 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
You may be right about the upper limit, I read that it is 999 but I've just found:
65534 nfsnobody
... which is a lot higher than 999. Mind you, all the user accounts on these systems are 'admin' type accounts, not regular users, and I read that UIDs 100 > 999 are reserved for this type of account.
I know I can utilise the gaps but I want to prevent the UIDs from becoming sparse because it just seems tidier to me; I'd also like to make sure that they appear in ascending order. It's been some time since I studied this at uni but at the time I was taught to keep them in ascending order for some reason. Maybe I need to check my facts?
Last edited by dan-e; 05-09-2011 at 02:15 AM..
Reason: typo
If your system is similar to the below files (so like Red Hat variants), you can try to check these
nfsnobody is a special user which is used to restrict root access by mapping (rpc.idmapd) the root ID to the nfsnobody ID with the root_squash option, which is the NFS mount default.
Usually its ID is 65534 (16-bit systems) or 4294967294 (32-bit systems and probably 64-bit), to prevent the ID from running into a valid user or group ID in the NFS server.
regards
ygemici
Last edited by ygemici; 05-09-2011 at 04:33 AM..
Reason: user name correcting
If you work in any kind of environment that may persist over many years, or may be audited, you should never change or reuse a UID.
Again my opinion.
I have put a lot of effort into giving one person one UID on our systems and that UID is never retired or given to another person. This way if I restore an old file I have the correct owner for it. I also find that employees and contractors come and go several times.
I have also synchronized the UIDs between all the AIX, HP and linux servers. Very useful if you share files across servers.
The biggest reasons though are accountability and auditability.
Mmm, good points there, but if you don't retire UIDs, how do you lock out the accounts when a contractor leaves (i.e. the best way to do that)? Also, unfortunately I generally can't follow your recommendations because our governance department forces me to remove accounts associated with employees that have left the organisation (or no longer have anything to do with our platforms).
---------- Post updated at 09:23 AM ---------- Previous update was at 09:16 AM ----------
Quote:
Originally Posted by Corona688
This is not a good enough reason to do something that could potentially mess up your system.
I know, the other reason is that I don't really have the skills to fix my bulk user-add script to pop users into low unused UIDs. It currently just goes from the highest existing UID, so inevitably I'll end up with a very sparse set of UIDs unless I find a way to fix that script. Then again, if there's > 32k UIDs available this isn't even an issue. I was under the impression that I only had 99 > 999 to play with, but that seems to be wrong.
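As an added example (not part of any post in this thread, and not the poster's own script): shell functions that pick the earliest unused UID in a range while skipping any UID recorded as previously assigned, and that report active accounts whose UID once belonged to a different login. The ledger file, its `uid:login:date-removed` format, the function names and the sample accounts are assumptions; 100 to 999 is simply the range discussed above, passed as parameters.

```shell
# Added example, not from the thread. The ledger file and its
# "uid:login:date-removed" format are hypothetical.

# next_uid PASSWD LEDGER MIN MAX: print the lowest UID in MIN..MAX that is
# neither in PASSWD (passwd(5) format) nor in LEDGER; return 1 if none is left.
next_uid() {
    awk -F: -v min="$3" -v max="$4" '
        { id = (kind == "passwd") ? $3 : $1 }      # UID column differs per file
        id ~ /^[0-9]+$/ { taken[id + 0] = 1 }      # ignore malformed lines
        END {
            for (u = min + 0; u <= max + 0; u++)
                if (!(u in taken)) { print u; exit 0 }
            exit 1
        }' kind=passwd "$1" kind=ledger "$2"
}

# reused_uids PASSWD LEDGER: print "uid old-login new-login" for every active
# account whose UID the ledger says once belonged to a different login.
reused_uids() {
    awk -F: '
        kind == "ledger" { if ($1 ~ /^[0-9]+$/) was[$1 + 0] = $2; next }
        $3 ~ /^[0-9]+$/ && (($3 + 0) in was) && was[$3 + 0] != $1 {
            print $3, was[$3 + 0], $1
        }' kind=ledger "$2" kind=passwd "$1"
}

# make_sample DIR: write constructed sample data (not real accounts).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:100:100::/home/alice:/bin/bash
bob:x:101:101::/home/bob:/bin/bash
dave:x:103:103::/home/dave:/bin/bash
erin:x:104:104::/home/erin:/bin/bash
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin
EOF
    cat > "$1/retired" <<'EOF'
102:carol:2010-11-30
104:frank:2009-06-01
105:grace:2011-01-15
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
echo "first gap, ignoring history: $(next_uid "$dir/passwd" /dev/null 100 999)"
echo "first never-used UID:        $(next_uid "$dir/passwd" "$dir/retired" 100 999)"
echo "reused UIDs:                 $(reused_uids "$dir/passwd" "$dir/retired")"
rm -rf "$dir"
```

On the sample data the plain gap search returns 102, a UID the ledger shows was carol's, so files restored from an old backup would appear to belong to whoever receives it next; the ledger-aware search skips to 106.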