username/uid restrictions

Ben Stringer ben at
Fri Dec 2 11:45:17 UTC 2005

On Fri, 2005-12-02 at 10:31 +0000, T. Horsnell wrote: 
> 'morning all,
> I see from my new RHEL4 sysadmin guide that uid's up to 500 are
> reserved for system use. When I first began setting up my
> Unix userbase some 15 years ago, I unfortunately chose to start
> at uid 100, so I now have to change the uid's of some 400 users,
> 36 million files, on a hundred or so boxes. OK, this is do-able
> and should be more-or-less 'transparent to the user'.
> (Since I'm going to make a change, should I start at 1000 and change
> the lot? How reliable is the 500?)

Hi Terry,

I also ran into this problem recently, and it was easily fixed with a
change to /etc/login.defs. Just claim UID 100 onwards as yours! 

If there are any clashes, change the system UID to something new, making
sure to modify the shadow and group files, and chown any files of the
old UID to the new UID.

> The thing that concerns me more, is the plethora of reserved
> usernames. There seems to be no rule to distinguish a reserved
> username (presumably the list in the RHEL sysadmin guide is
> going to grow) and it's only a matter of time before some
> newly allocated name collides with one which has been given to
> a user. In fact, I can't find anywhere what the rules are for
> usernames. Character-set? How many chars?
> Pity that reserved names aren't systematic in some way (like
> always starting with sys_ or somesuch).

As all "system" users are added by RPMs (possibly with the exception of
root), you can query the RPM packages to find out if they create users.
Unfortunately, this looks to require some "roll-your-own" scripting.

This is not a solution to your problem, just some "tools" to make
dealing with it easier.

--- cut here ---
rpm -qa | while read -r package
do
  # Search each package's install/uninstall scriptlets for useradd calls
  USERADDED=`rpm -q "$package" --scripts | grep useradd`
  if [ "${USERADDED}" != "" ]
  then
     echo "package $package added user using this line"
     echo "${USERADDED}"
  fi
done
--- cut here ---
> I'm not looking forward to the day when a new system-username
> duplicates the username of one of the directors, which he has
> had for the last 15 years, and which is also his email address 
> held on mailing lists and institutions all over the place...
> Any advice out there? 

If you _really_ want to keep a username for a real user, just change the
system name to something else. In most cases, there should be no issue,
in some cases you may need to track down and modify other packages that
depend on a given username.

Cheers, Ben
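
The clash check and ownership listing described in the reply above, as an added shell example that is not part of the original post. The function names, the non-login-shell heuristic for spotting system accounts, and the sample passwd and login.defs data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Print the UID_MIN value set in a login.defs-format file.
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { if (v != "") print v }' "$1"
}

# Print "name:uid" for accounts at or above UID_MIN that have a non-login
# shell. Assumption: such accounts are package-created system users.
system_in_user_range() {   # args: passwd-file login.defs-file
    min=$(uid_min "$2")
    [ -n "$min" ] || { echo "UID_MIN not set in $2" >&2; return 1; }
    awk -F: -v min="$min" \
        '($3 + 0) >= (min + 0) && $7 ~ /(nologin|false)$/ { print $1 ":" $3 }' "$1"
}

# Print "uid: names" for every UID assigned to more than one account.
duplicate_uids() {         # args: passwd-file
    awk -F: '{ n[$3]++; names[$3] = names[$3] " " $1 }
        END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1" | sort -n
}

# List files owned by a numeric UID without crossing filesystems. After
# reviewing the list, the same find with "-exec chown -h NEWUID {} +" re-owns them.
files_owned_by() {         # args: uid start-directory
    find "$2" -xdev -uid "$1" -print
}

# Constructed sample: UID_MIN lowered to 100, one daemon account inside the range.
demo() {
    d=$(mktemp -d) || return 1
    printf 'UID_MIN 100\nUID_MAX 60000\n' > "$d/login.defs"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
lowsvc:x:38:38::/var/empty:/sbin/nologin
alice:x:100:100:Alice Example:/home/alice:/bin/bash
demosvc:x:105:105::/var/empty:/sbin/nologin
bob:x:105:106:Bob Example:/home/bob:/bin/bash
EOF
    system_in_user_range "$d/passwd" "$d/login.defs"   # demosvc:105
    duplicate_uids "$d/passwd"                          # 105: demosvc bob
    rm -rf "$d"
}
demo
```

On a live host the functions take /etc/passwd and /etc/login.defs as arguments; the ownership listing should be run per filesystem, since -xdev keeps find from descending into other mounts.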
