RenichBon
Mission Specialist
Mission Specialist
  • 727 Views

RH124, ch05s03 - System users UUID

Jump to solution

So, it says here that " ... UIDs below 200 (which system services use).".

This is no longer true; at least in RHEL 9. Regular users start at 1000 and system users are bellow that.

 

1 Solution

Accepted Solutions
Travis
Moderator
Moderator
  • 705 Views

@RenichBon -

So what you are talking about isn't unique to RHEL9 either. Regular users begin at 1000 and up, and generally specialty users have UIDs lower than 1000, so 0-999 where UID=0 is the root user. If you look more closely at what the book actually says it gives what 0-200 are generally used for and why there are slight distinctions between 201-999 UIDs. Generally the UIDs for 0-200 are well defined and understood who/what it belongs to, but the others can be assigned dynamically when needed.

https://www.redhat.com/sysadmin/user-account-gid-uid

UID Ranges

Red Hat Enterprise Linux uses specific UID numbers and ranges of numbers for specific purposes.

  • UID 0 : The superuser (root) account UID.

  • UID 1-200 : System account UIDs that are statically assigned to system processes.

  • UID 201-999 : UIDs that are assigned to system processes that do not own files on this system. Software that requires an unprivileged UID is dynamically assigned a UID from this available pool.

  • UID 1000+ : The UID range to assign to regular, unprivileged users.

 
This generalization is nothing new and very similar to network ports. There is a generally well defined listing of network ports and the "service" it should represent. However, there are times where devices incorrectly say a port belongs to a specific application based on those generalizations. I've had that a couple times as things were reporting I had a Warcraft server, but I was acually using the SPICE protocl (something similar to VNC), but in that range, there was a well known port that Warcraft used, so in the definition file, the appliance saw the port and immediately flagged it was Warcraft.
 
The big thing you need to know is user IDs for regular users are >= 1000  and anything less than 1000 is used by the system. If it is a UID that is 200 or less, not only is it a system account, but it most likely owns files or services on the system and also runs files or services on the system.
 
Well known users/groups are to name a couple:
 
apache
mysql
 
Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

2 Replies
Travis
Moderator
Moderator
  • 706 Views

@RenichBon -

So what you are talking about isn't unique to RHEL9 either. Regular users begin at 1000 and up, and generally specialty users have UIDs lower than 1000, so 0-999 where UID=0 is the root user. If you look more closely at what the book actually says it gives what 0-200 are generally used for and why there are slight distinctions between 201-999 UIDs. Generally the UIDs for 0-200 are well defined and understood who/what it belongs to, but the others can be assigned dynamically when needed.

https://www.redhat.com/sysadmin/user-account-gid-uid

UID Ranges

Red Hat Enterprise Linux uses specific UID numbers and ranges of numbers for specific purposes.

  • UID 0 : The superuser (root) account UID.

  • UID 1-200 : System account UIDs that are statically assigned to system processes.

  • UID 201-999 : UIDs that are assigned to system processes that do not own files on this system. Software that requires an unprivileged UID is dynamically assigned a UID from this available pool.

  • UID 1000+ : The UID range to assign to regular, unprivileged users.

 
This generalization is nothing new and very similar to network ports. There is a generally well defined listing of network ports and the "service" it should represent. However, there are times where devices incorrectly say a port belongs to a specific application based on those generalizations. I've had that a couple times as things were reporting I had a Warcraft server, but I was acually using the SPICE protocl (something similar to VNC), but in that range, there was a well known port that Warcraft used, so in the definition file, the appliance saw the port and immediately flagged it was Warcraft.
 
The big thing you need to know is user IDs for regular users are >= 1000  and anything less than 1000 is used by the system. If it is a UID that is 200 or less, not only is it a system account, but it most likely owns files or services on the system and also runs files or services on the system.
 
Well known users/groups are to name a couple:
 
apache
mysql
 
Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
RenichBon
Mission Specialist
Mission Specialist
  • 639 Views

You are correct. Thank you for pointing it out.

0 Kudos
Join the discussion
You must log in to join this conversation.