On Thu, 2022-03-03 at 14:02 +0000, Adam Thorn via samba wrote:
> On 03/03/2022 13:22, L. van Belle via samba wrote:
> > And.. Small side note, this is different per distro.
> >
> > cat /etc/adduser.conf |grep UID
> >
> > # FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
> > # package, may assume that UIDs less than 100 are unallocated.
> > FIRST_SYSTEM_UID=100
> > LAST_SYSTEM_UID=999
> >
> > # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
> > FIRST_UID=1000
> > LAST_UID=29999
> >
> > So, based on that, (*a Debian Buster server)..
> >
> > Try to avoid these system ranges or at least think about these..
>
> One might also have systemd services that make use of "Dynamic
> Users":
>
> https://0pointer.net/blog/dynamic-users-with-systemd.html
>
> systemd expects to be able to use UIDs in the range 61184-65519

Why, that is a valid Unix ID range

> and I don't believe that's configurable.

Why not?

> Whilst it's OK to use some UIDs in
> that range because (quoting from the above link)...
>
> "You might wonder what happens if you already used UIDs from the
> 61184-65519 range on your system for other purposes. systemd should
> handle that mostly fine, as long as that usage is properly registered
> in the user database: when allocating a dynamic user we pick a UID,
> see if it is currently used somehow, and if yes pick a different one,
> until we find a free one. Whether a UID is used right now or not is
> checked through NSS calls"

And that is going to slow things down.
>
> ...if you were to assign most of that UID range to users which NSS
> will say are in use, it might cause problems for your systemd
> services.

I have nothing personal against systemd, but only when it does what it
was supposed to do: be a replacement for sysv init. It has just got out
of hand now; thankfully most of the crap can be turned off.
Please don't try to 'educate' me, I will not believe you.
Rowland
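
Added example, not part of the thread or of Samba or systemd: a shell check that reports which of the ranges quoted above (the Debian Buster adduser.conf values and the systemd dynamic-user range) a candidate ID-mapping range intersects, and counts how many UIDs in a range NSS already resolves. The function names and the 60000-69999 candidate range are hypothetical.

```shell
#!/bin/sh
# Ranges quoted in the thread, as "first last label" (one per line).
RESERVED='100 999 adduser-system
1000 29999 adduser-dynamic
61184 65519 systemd-DynamicUser'

# overlaps FIRST LAST
# Print the label of every reserved range that FIRST..LAST intersects.
overlaps() {
    echo "$RESERVED" | while read -r lo hi label; do
        if [ "$1" -le "$hi" ] && [ "$2" -ge "$lo" ]; then
            echo "$label"
        fi
    done
}

# nss_used FIRST LAST
# Count the UIDs in FIRST..LAST that resolve through NSS (getent passwd),
# i.e. the UIDs the quoted blog text says systemd would have to skip.
nss_used() {
    uid=$1
    n=0
    while [ "$uid" -le "$2" ]; do
        if getent passwd "$uid" >/dev/null 2>&1; then
            n=$((n + 1))
        fi
        uid=$((uid + 1))
    done
    echo "$n"
}

# Demo on a constructed candidate range (hypothetical idmap range).
if [ "${1:-}" = "demo" ]; then
    echo "60000-69999 overlaps: $(overlaps 60000 69999)"
    echo "NSS-registered UIDs in 61184-61200: $(nss_used 61184 61200)"
fi
```

Run it with the argument `demo` on a domain member to see the result for the sample range; each `getent` call is a full NSS lookup, so scanning a wide range against a remote backend takes time.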