What is Ubuntu's automatic UID generation behavior?
See /etc/adduser.conf
:
# FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
# for dynamically allocated administrative and system accounts/groups.
# Please note that system software, such as the users allocated by the base-passwd
# package, may assume that UIDs less than 100 are unallocated.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
# allocated user accounts/groups.
FIRST_UID=1000
LAST_UID=29999
FIRST_GID=1000
LAST_GID=29999
And, reading the Perl script at $(type -p adduser)
or /usr/sbin/adduser
, we find this function:
sub first_avail_uid {
my ($min, $max) = @_;
printf (gtx("Selecting UID from range %d to %d ...\n"),$min,$max) if ($verbose > 1);
my $t = $min;
while ($t <= $max) {
return $t if (!defined(getpwuid($t)));
$t++;
}
return -1; # nothing available
}
What this means is: adduser
picks the first free UID between 1000 and 29999, or fails.
Exact answer: 1002, It will pick a free one.
There IS a maximum UID, 4294967295
, because UID
s are 32 bit fields, but adduser
uses a lower limit.
However, there is also /usr/sbin/useradd
BEWARE adduser
and useradd
are easily mistaken/mistyped for each other.
man useradd
tells me:
DESCRIPTION
useradd is a low level utility for adding users. On Debian,
administrators should usually use adduser(8) instead.
...
-u, --uid UID
The numerical value of the user's ID. This value must be unique,
unless the -o option is used. The value must be non-negative. The
default is to use the smallest ID value greater than or equal to
UID_MIN and greater than every other user.
See also the -r option and the UID_MAX description.
...
CONFIGURATION
The following configuration variables in /etc/login.defs change the
behavior of this tool:
...
SYS_UID_MAX (number), SYS_UID_MIN (number)
Range of user IDs used for the creation of system users by useradd
or newusers.
The default value for SYS_UID_MIN (resp. SYS_UID_MAX) is 101
(resp. UID_MIN-1).
UID_MAX (number), UID_MIN (number)
Range of user IDs used for the creation of regular users by useradd
or newusers.
The default value for UID_MIN (resp. UID_MAX) is 1000 (resp.
60000).
One reason that I use adduser
, rather than useradd
is the --encrypt-home
option to adduser
. Either one, however, could be replaced by editing a bunch of files, copying others, creating directories, etc using any UID one picks (Why, in the old days, I ...). There is nothing magic about adduser
or useradd
.
Related videos on Youtube
conradlee
Updated on September 18, 2022Comments
-
conradlee over 1 year
I'm interested in the case where a new user is generated and no UID is explicitly given, leaving Ubuntu to automatically assign a UID. I know that by default Ubuntu will generate a UID above 1000, but I want to know all about ubuntu's UID generation policy.
A good answer to this question will clear up the following points
- What if the following two UIDs are already used: 1001, 2001 - will the next auto-generated UID be 1002 or 2002?
- Is there a maximum UID? What does Ubuntu do if some account already has been assigned the maximum UID (but there are otherwise free UIDs)?
-
conradlee over 8 yearsThanks for your answer! It has led me in the right direction--however, it seems this is only true for
adduser
. The lower-leveluseradd
has different behavior (check out its manpage). If you qualify your answer to say that useradd has different behavior, I will accept it. -
muru over 8 yearsTip: When copying from a manpage, copy from the online version at manpages.ubuntu.com. The text there is wrapped at a very convenient width for a Stack Exchange post. When you copy from a terminal, the width of the terminal might make the lines too long or too short for comfortable reading.
-
muru over 8 yearsAlso: "There IS a maximum UID, 65535, because UIDs are 16 bit fields." Nope. UIDs are no longer 16 bit. Indeed, my UID on my department LDAP system is 901743, and you can see one persion using an even higher UID to test a bug in LightDM/AccountsService.