Re: Predefined User Accounts

Trevor

User IDs "1-99" are used for predefined accounts.

What are these accounts used for?

Trevor "Red Hat Evangelist" Chandler

Travis

Typically anything below 1000 is some type of system or service account with regular user accounts beginning at 1000. The 1-99 are super special accounts that aren't real users that are reserved for system accounts for installed services like HTTPD (apache), MySQL, KVM, etc.

You can see a list of users in /usr/share/doc/setup/uidgid

You can see the list of users on your system with analyzing the /etc/passwd file.

awk -F: '$3 >= 1 && $3 <= 99 {print $1, $3}' /etc/passwd
bin 1
daemon 2
adm 3
lp 4
sync 5
shutdown 6
halt 7
mail 8
operator 11
games 12
ftp 14
dbus 81
tss 59
avahi 70
apache 48
gdm 42
rpc 32
rpcuser 29
sshd 74
tcpdump 72

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

Chetan_Tiwary_

@Trevor

In Linux systems, the initial range of user IDs (UIDs 0 through 99) is strictly reserved for core system accounts. These IDs are statically assigned, meaning they are hardcoded into the operating system to ensure consistency. For instance, the bin user is traditionally assigned UID 2. You can count on this remaining the same across any distribution that adheres to standard Linux specifications.

A defining trait of these system accounts is that they are NOT intended for human interaction. If you examine the /etc/passwd file, you will notice that these users almost always have their shell designated as /usr/sbin/nologin. This security measure prevents anyone from logging into them directly, as these accounts exist solely to run background processes and system services rather than to provide a standard user environment.

bonnevil

Strictly speaking, as Red Hat System Administration I (RH124) puts it, on recent RHEL the UID sets are:

0: Always the root user
1-200: System accounts, statically allocated
201-999: System accounts, dynamically allocated
1000+: Normal user accounts or accounts assigned by the sysadmin

The static assignments for RHEL are recorded in the /usr/share/doc/setup/uidgid file provided by the setup RPM package, as @Travis mentioned. This is a highly limited resource and packagers need special approval to use one of these UIDs; they're mostly used up. If we suddenly need a bunch more, it'd limit how many reserved UIDs there are for dynamic assignment. (These ranges have changed over time.)

Dynamic system user assignment used to be manually managed when packages were installed by running useradd with specific options in RPM scriptlets. In RHEL 10, this is managed by the packages working with systemd-sysusers and the /usr/lib/sysusers.d files (see the sysusers.d(5) man page for more about this).

One exception to this set of ranges is UID 65534 "nobody", which was assigned to be the "kernel overflow UID" by the kernel.overflowuid sysctl. Traditionally, if a system that only supported 16-bit UIDs saw something assigned a standard 32-bit UID, it'd use UID -1 (which is 65534 on a 16-bit system), and the user was used for a few other things as well. On RHEL pre-RHEL 8, this UID was "nfsnobody" and "nobody" was UID 99.

I wouldn't say these aren't "real" users -- they're as real as other unprivileged accounts used by a human. They're just not used by human users as personal accounts, they're to contain individual applications and programs.

bonnevil

https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ provides RPM packager guidance for using user and group accounts for Fedora Linux, which is very similar to what RHEL does.

Sunnykumar1

Hello @Trevor

UIDs 1–99 are used for:

System services (like daemon, bin, sys)

Server processes (like www-data, mail, ftp)

Background tasks

Packages that require their own user (e.g., mysql, postgres, sshd in some distros)

Tracy_Baker

There is one more thing...

Can two users have the same UID? The answer is yes, they can. Including the root account (UID 0).

useradd and usermod both have a -o option which allow non-unique UID.

Adding a "second" root user:

Verifying its existence:

Logging on as t.baker - using t.baker's password - takes me to root's account:

----

I perform this demonstration with my students to drive home the point that (1) two user accounts with the same UID can exist, (2) the system uses numbers, not names, and (3) it's important that you understand the layout of /etc/passwd

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

Ad_astra

If I have learnt one new thing today; it's this!

Just goes to show that there is always something new to learn. Now I need to go and dig deeper on the subject.

This is why I love the community.

Great post.

Great thread!

Thanks all.

AA

bonnevil

FreeBSD and NetBSD have historically had a 'toor' account that also had UID O. Confused the heck out of new folks. I think their root used to have /bin/tcsh and toor used to have /bin/sh as the default shells, but I think they use /bin/sh (not Bash!) for both now. But it's been a while.

It's best to think that from the system's perspective, the UID is the unique user identifier, and things like /etc/passwd provide mappings of names to the UID. I think most of us in Linux consider two different account names sharing a UID an anti-pattern.

Predefined User Accounts

linux

Platform

RHEL