481:
expense of additional translation steps (using idmap daemon processes), which can introduce additional failure points if local UID mapping mechanisms or databases get configured incorrectly, lost, or out of sync. The "@domain" part of the user name could be used to indicate which authority allocated a particular name, for example in form of
480:
was intended to help avoid numeric identifier collisions by identifying users (and groups) in protocol packets using textual "user@domain" names rather than integer numbers. However, as long as operating-system kernels and local file systems continue to use integer user identifiers, this comes at the
298:
POSIX requires the UID to be an integer type. Most Unix-like operating systems represent the UID as an unsigned integer. The size of UID values varies amongst different systems; some UNIX OS's used 15-bit values, allowing values up to 32767, while others such as Linux (before version 2.4) supported
386:
servers) may limit themselves to using only UID numbers well above 1000, and outside the range 60000–65535, to avoid potential conflicts with UIDs locally allocated on client computers. When new users are created locally, the local system is supposed to check for and avoid conflicts with UIDs
137:
of the process that creates the file. Most filesystems implement a method to select whether BSD or AT&T semantics should be used regarding group ownership of a newly created file; BSD semantics are selected for specific directories when the S_ISGID (s-gid) permission is set.
319:
Core
Specification specifies that UID values in the range 0 to 99 should be statically allocated by the system, and shall not be created by applications, while UIDs from 100 to 499 should be reserved for dynamic allocation by system administrators and post install scripts.
460:. For compatibility between 16-bit and 32-bit UIDs, many Linux distributions now set it to be 2^16 − 2 = 65,534; the Linux kernel defaults to returning this value when a 32-bit UID does not fit into the return value of the 16-bit system calls.
326:
not only reserves the range 100–999 for dynamically allocated system users and groups, but also centrally and statically allocates users and groups in the range 60000–64999 and further reserves the range 65000–65533.
269:) identify the real owner of the process and affect the permissions for sending signals. A process without superuser privileges may signal another process only if the sender's
122:
semantics, the group ownership given to a newly created file is unconditionally inherited from the group ownership of the directory in which it is created. According to
114:) of a process also affects access control and may also affect file creation, depending on the semantics of the specific kernel implementation in use and possibly the
98:
The POSIX standard introduced three different UID fields into the process descriptor table, to allow privileged processes to take on different roles dynamically:
754:"for both allocation ranges: when an UID allocation takes place NSS is checked for collisions first, and a different UID is picked if an entry is found"
303:
UIDs, making 65536 unique IDs possible. The majority of modern Unix-like systems (e.g., Solaris 2.0 in 1990, Linux 2.4 in 2001) have switched to
217:
The saved user ID is used when a program running with elevated privileges needs to do some unprivileged work temporarily; changing
506:
But in practice many existing implementations only allow setting the NFSv4 domain to a fixed value, thereby rendering it useless.
110:) of a process is used for most access checks. It is also used as the owner for files created by that process. The effective GID (
348:, porters who need a UID for their package can pick a free one from the range 50 to 999 and then register the static allocation.
90:
gives the current user's UID, as well as more information such as the user name, primary user group and group identifier (GID).
464:
assigns the last UID of the range statically allocated for system use (0–99) to nobody: 99, and calls 65534 instead
225:) to some unprivileged value (anything other than the privileged value) causes the privileged value to be stored in
813:"NetBSD Problem Report #6594: the default "nobody" credentials (32767:9999) do not match mountd's default (-2:-2)"
285:. Because a child process inherits its credentials from its parent, a child and parent may signal each other.
49:(GID) and other access control criteria, is used to determine which system resources a user can access. The
422:
systems should allocate 65536 (2^16) UIDs per container, and map them by adding an integer multiple of 2^16.
456:
by several operating systems, although other values such as 2^15 − 1 = 32,767 are also in use, such as by
414:
automatic allocation of per-container UID ranges uses the range 524288-1879048191 (0x80000-0x6fffffff)
445:
65535: This value is still avoided because it was the API error return value when uid_t was 16 bits.
133:
variants), a newly created file is normally given the group ownership specified by the
397:, and therefore need to allocate ranges into which remapped UIDs and GIDs are mapped:
237:, so that elevated privileges can be restored; an unprivileged process may set its
359:
till version 6), others start at 1000 (Red Hat
Enterprise Linux since version 7,
150:) which is used explicitly for access control to the file system. It matches the
499:
the name of an operating-system vendor (for distribution-specific allocations)
27:
Value identifying a user account in Unix and Unix-like operating systems
197:
permission to send them signals. Since kernel 2.0, the existence of
189:
server) to limit themselves to the file system rights of some given
351:
Some POSIX systems allocate UIDs for new users starting from 500 (
337:
60001-60513: UIDs for home directories managed by systemd-homed
634:"Debian Policy Manual – Section 9.2.2: UID and GID classes"
378:
Central UID allocations in enterprise networks (e.g., via
367:). On many Linux systems, these ranges are specified in
502:
the name of a computer (for device-specific allocations)
33:
operating systems identify a user by a value called a
442:
is reserved by POSIX to identify an omitted argument.
340:
61184-65519 (0xef00-0xffef): UIDs for dynamic users
837:"Namespaces in operation, part 5: User namespaces"
333:defines a number of special UID ranges, including
664:"Users, groups, UIDs and GIDs on systemd systems"
201:is no longer necessary because Linux adheres to
307:UIDs, allowing 4,294,967,296 (2^32) unique IDs.
174:is changed, the change is propagated to the
154:unless explicitly set otherwise. It may be
241:to one of only three values: the value of
393:can remap user identifiers, e.g. using
233:can be set back to the value stored in
146:Linux also has a file system user ID (
714:"Chapter 6. Special Considerations"
418:The systemd authors recommend that
221:from a privileged value (typically
209:remains for compatibility reasons.
404:maps UIDs and GIDs into the range
596:. No Starch Press, 2010, p. 171.
185:is to permit programs (e.g., the
448:Nobody: Historically, the user "
57:to UIDs. UIDs are stored in the
594:The Linux Programming Interface
435:normally has a UID of zero (0).
205:rules for sending signals, but
72:archives, and the now-obsolete
752:https://systemd.io/UIDS-GIDS/
80:-compliant environments, the
611:Refspecs.linuxfoundation.org
872:Unix file system technology
690:"FreeBSD Porter's Handbook"
129:semantics (also adopted by
118:options used. According to
74:Network Information Service
45:. The UID, along with the
387:already existing on NSS'
580:User Commands Reference
357:Red Hat Enterprise Linux
521:File system permissions
420:OS-level virtualization
391:OS-level virtualization
37:, often abbreviated to
728:"RHEL7 System changes"
170:is root. Whenever the
817:GnaNFSv4ts.netbsd.org
229:. Later, a program's
68:, running processes,
193:without giving that
536:Security Identifier
452:" was assigned UID
375:and similar tools.
317:Linux Standard Base
277:matches receiver's
158:'s user ID only if
142:File system user ID
106:The effective UID (
793:Pubs.opengroup.org
769:Pubs.opengroup.org
592:Kerrisk, Michael.
531:Process identifier
526:Open (system call)
249:, or the value of
94:Process attributes
607:"9.3. UID Ranges"
516:FAT access rights
408:(0x80000-0x8ffff)
102:Effective user ID
16:(Redirected from
494:Active Directory
395:Linux namespaces
265:) and real GID (
47:group identifier
369:/etc/login.defs
311:Reserved ranges
245:, the value of
35:user identifier
438:-1: The value
426:Special values
412:systemd-nspawn
261:The real UID (
181:The intent of
732:Certdepot.net
406:524288-589823
213:Saved user ID
127:UNIX System V
53:maps textual
51:password file
844:. Retrieved
820:. Retrieved
796:. Retrieved
772:. Retrieved
736:. Retrieved
734:. 2016-01-17
697:. Retrieved
673:. Retrieved
642:. Retrieved
640:. 2019-07-18
614:. Retrieved
578:Solaris 11.4
538:(SID) – the
473:Alternatives
462:Fedora Linux
324:Debian Linux
257:Real user ID
694:Freebsd.org
496:domain name
289:Conventions
66:file system
861:Categories
846:2016-09-24
822:2016-09-24
798:2016-09-24
774:2016-09-24
765:"Getpwuid"
738:2017-03-22
699:2016-09-24
675:2020-09-26
644:2019-07-26
638:Debian.org
616:2016-09-24
557:References
551:Sticky bit
542:equivalent
540:Windows NT
489:realm name
440:(uid_t) -1
55:user names
466:nfsnobody
433:superuser
31:Unix-like
572:chmod(1)
510:See also
487:Kerberos
361:openSUSE
124:AT&T
120:BSD Unix
84:command
841:Lwn.net
789:"Chown"
458:OpenBSD
431:0: The
373:useradd
346:FreeBSD
331:Systemd
61:of the
39:user ID
18:User ID
669:GitHub
582:Manual
546:setuid
450:nobody
371:, for
365:Debian
305:32-bit
301:16-bit
59:inodes
478:NFSv4
402:snapd
353:macOS
207:fsuid
203:SUSv3
199:fsuid
183:fsuid
176:fsuid
166:, or
148:fsuid
131:Linux
116:mount
82:shell
78:POSIX
76:. In
867:Unix
382:and
380:LDAP
315:The
294:Type
283:suid
279:ruid
275:euid
271:ruid
267:rgid
263:ruid
251:euid
247:suid
243:ruid
239:euid
235:suid
231:euid
227:suid
219:euid
172:euid
168:euid
164:suid
160:ruid
156:root
152:euid
135:egid
112:egid
108:euid
63:Unix
492:an
384:NFS
344:On
281:or
273:or
195:uid
191:uid
187:NFS
70:tar
43:UID
41:or
863::
839:.
815:.
791:.
767:.
730:.
692:.
666:.
653:^
636:.
625:^
609:.
485:a
454:-2
363:,
355:,
253:.
178:.
162:,
87:id
849:.
825:.
801:.
777:.
741:.
716:.
702:.
678:.
647:.
619:.
468:.
223:0
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.