Overview#
UidNumber (user identifier, often abbreviated UID) is the value that Unix, Linux and other Unix-like and POSIX Operating Systems use to identify a user. UidNumber or UID, along with the group identifier (GID or GidNumber) and other access control criteria, is used to determine which system resources an entity can access. The passwd file maps textual user names to UidNumbers. UIDs are stored in the inodes of the Unix File System, running processes, tar archives, and the now-obsolete Network Information Service (NIS). In POSIX-compliant environments, the command-line command id gives the current user's UidNumber, as well as more information such as the user name, primary user group and group identifier (GID).

UidNumber (the UID or UserId) is a number assigned by Linux and UNIX to each user on the system. This number is used to identify the user to the system and to determine which system resources the user can access. UidNumber is the AttributeType used in LDAP for storing the number.

POSIX requires the UID to be an integer type. Most Unix-like Operating Systems represent the UID as an unsigned integer. The size of UidNumber values varies amongst different systems; some Unix/Linux Operating Systems used 15-bit values, allowing values up to 32,767, while others such as Linux (before version 2.4) supported 16-bit UidNumbers, making 65,536 UidNumbers possible. The majority of modern Unix-like systems (e.g., Solaris-2.0 in 1990, Linux 2.4 in 2001) have switched to 32-bit UidNumbers, allowing 4,294,967,296 (2^32) UidNumbers.
LDAP Attribute Definition#
The UidNumber AttributeType is defined as:
- OID of 1.3.6.1.1.1.1.0
- NAME: UidNumber
- DESC: 'An integer uniquely identifying a user in an administrative domain'
- EQUALITY: integerMatch
- ORDERING: integerOrderingMatch
- SYNTAX: 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE
- USAGE: UserApplications
- Extended Flags:
- Used as MUST in:
- Used MAY in:
Special values#
- 0: The superuser normally has a UidNumber of zero (0).[10]
- −1: The value (uid_t) -1 is reserved by POSIX to identify an omitted argument.[11]
- 65535: This value is still avoided because it was the API error return value when uid was 16 bits.
- Nobody: Historically, the user "nobody" was assigned UID -2 by several operating systems, although other values such as 2^15−1 = 32,767 are also in use, such as by OpenBSD.
For compatibility between 16-bit and 32-bit UIDs, many Linux distributions now set it to be 2^16−2 = 65,534; the Linux kernel defaults to returning this value when a 32-bit UID does not fit into the return value of the 16-bit system calls.[13] Fedora Linux assigns the last UID of the range statically allocated for system use (0-99) to nobody: 99, and calls 65534 nfsnobody instead.
Even more complex is the situation around nobody. The user nobody and group nogroup came from the NFS software and were defined as having the highest UidNumber, since their function was the opposite of root.
This resulted in some confusion. Adding to this confusion was the use of -2 for the nobody ID, as was done by the software itself if nobody and nogroup were not defined. GNU/Linux distribution creators defined the account as 65534; however, Red Hat supplied nfsnobody under that UidNumber, with another nobody having UidNumber 99. There is also nogroup usage, as well as groups that are called nobody. All in all, a rough overview of what is used where can be created like this:
IDs | Usage |
---|---|
-2 | nobody on AIX and MacOS |
0-99 | Unix local users and groups, statically assigned |
99 | Red Hat based system nobody user and group UidNumber |
100-499 | Unix local users and groups, dynamic |
529 | Used as UidNumber for nobody on some systems (and not used by Microsoft) |
32767 | Historic reservation for nobody (have not found any use) |
60001 | Nobody on IRIX and SunOS |
65530-65535 | Unix nobody user and (no)group (Debian and nfsnobody RHEL) |
4294967292 | Group-owner on Isilon BSD |
4294967293 | Null user on Isilon BSD |
4294967294 | Everyone on Isilon BSD |
4294967295 | Nobody (32-bit) |
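
The special values above can be checked mechanically when reviewing accounts. The following Python code is an added example, not code from the original page; the function name audit_passwd, the finding strings and the sample passwd lines are constructed for illustration. It flags accounts whose uidNumber is 0 under a non-root name, equals 65535 or (uid_t)-1, does not fit in 16 bits, or is not unique.

```python
from collections import defaultdict
ROOT_UID = 0               # superuser
UID_T_MINUS_1 = 2**32 - 1  # (uid_t)-1 with a 32-bit uid_t, reserved by POSIX
OLD_ERROR_UID = 65535      # API error return value when uid was 16 bits
OVERFLOW_UID = 65534       # what 16-bit system calls return for larger UIDs

def audit_passwd(text):
    """Return (name, uid, finding) tuples for passwd-format text."""
    findings, by_uid = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        try:
            uid = int(fields[2])
        except (IndexError, ValueError):
            findings.append((name, None, "malformed UID field"))
            continue
        by_uid[uid].append(name)
        if uid < 0 or uid > UID_T_MINUS_1:
            findings.append((name, uid, "outside 32-bit unsigned range"))
        elif uid == ROOT_UID and name != "root":
            findings.append((name, uid, "non-root name with superuser UID 0"))
        elif uid == UID_T_MINUS_1:
            findings.append((name, uid, "equals (uid_t)-1"))
        elif uid == OLD_ERROR_UID:
            findings.append((name, uid, "equals old 16-bit error value"))
        elif uid > OLD_ERROR_UID:
            findings.append((name, uid, f"16-bit calls report {OVERFLOW_UID}"))
    # The attribute is described as uniquely identifying a user, so report reuse.
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(("+".join(names), uid, "uidNumber not unique"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1000:1001::/home/bob:/bin/bash
svc:x:65535:100::/nonexistent:/usr/sbin/nologin
ldapuser:x:70000:70000::/home/ldapuser:/bin/bash
ghost:x:4294967295:1::/:/usr/sbin/nologin
broken:x:abc:1::/:/bin/false
"""
if __name__ == "__main__":
    print(*audit_passwd(SAMPLE), sep="\n")
```
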
- [#1] - UID, GID, SID and RID
- based on information obtained 2020-02-18
- [#2] - User_identifier
- based on information obtained 2020-12-14