author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-04 10:23:34 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-04 10:23:34 +0000
commit 35962ed6b09ac995d663aeb7ab0287743cecc24c (patch)
tree 24a36570c53b15b3bd6e955054f8c4846db0e262 /docs
parent Adding debian version 252.22-1~deb12u1. (diff)
Merging upstream version 252.23.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs')
-rw-r--r-- docs/UIDS-GIDS.md 32
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/UIDS-GIDS.md b/docs/UIDS-GIDS.md
index db4cac4..d52a5b8 100644
--- a/docs/UIDS-GIDS.md
+++ b/docs/UIDS-GIDS.md
@@ -21,7 +21,7 @@ validity for GIDs too.
In theory, the range of the C type `uid_t` is 32bit wide on Linux,
i.e. 0…4294967295. However, four UIDs are special on Linux:
-1. 0 → The `root` super-user
+1. 0 → The `root` super-user.
2. 65534 → The `nobody` UID, also called the "overflow" UID or similar. It's
where various subsystems map unmappable users to, for example file systems
@@ -57,20 +57,20 @@ Distributions generally split the available UID range in two:
2. 1000…65533 and 65536…4294967294 → Everything else, i.e. regular (human) users.
-Note that most distributions allow changing the boundary between system and
-regular users, even during runtime as user configuration. Moreover, some older
-systems placed the boundary at 499/500, or even 99/100. In `systemd`, the
-boundary is configurable only during compilation time, as this should be a
-decision for distribution builders, not for users. Moreover, we strongly
-discourage downstreams to change the boundary from the upstream default of
-999/1000.
+Some older systems placed the boundary at 499/500, or even 99/100,
+and some distributions allow the boundary between system and regular users to be changed
+via local configuration.
+In `systemd`, the boundary is configurable during compilation time
+and is also queried from `/etc/login.defs` at runtime,
+if the `-Dcompat-mutable-uid-boundaries=true` compile-time setting is used.
+We strongly discourage downstreams from changing the boundary from the upstream default of 999/1000.
Also note that programs such as `adduser` tend to allocate from a subset of the
-available regular user range only, usually 1000..60000. And it's also usually
-user-configurable, too.
+available regular user range only, usually 1000..60000.
+This range can also be configured using `/etc/login.defs`.
Note that systemd requires that system users and groups are resolvable without
-networking available — a requirement that is not made for regular users. This
+network — a requirement that is not made for regular users. This
means regular users may be stored in remote LDAP or NIS databases, but system
users may not (except when there's a consistent local cache kept, that is
available during earliest boot, including in the initrd).
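Review bot: In the added sentence ending "if the `-Dcompat-mutable-uid-boundaries=true` compile-time setting is used", the comma before "if" leaves it unclear whether the condition covers only the runtime `/etc/login.defs` lookup or compile-time configurability as well. Suggest two sentences: one for the compile-time default, one for the opt-in runtime lookup, and name which `/etc/login.defs` keys are read, because with that option set the system/regular user classification depends on a locally editable file. The rewrite also drops the earlier rationale that the boundary "should be a decision for distribution builders, not for users"; if that is not intentional, keep a short reason next to the "strongly discourage" sentence. Minor: "without network" reads less naturally than the removed "without networking available".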
@@ -155,15 +155,15 @@ The most important boundaries of the local system may be queried with
`pkg-config`:
```
-$ pkg-config --variable=systemuidmax systemd
+$ pkg-config --variable=system_uid_max systemd
999
-$ pkg-config --variable=dynamicuidmin systemd
+$ pkg-config --variable=dynamic_uid_min systemd
61184
-$ pkg-config --variable=dynamicuidmax systemd
+$ pkg-config --variable=dynamic_uid_max systemd
65519
-$ pkg-config --variable=containeruidbasemin systemd
+$ pkg-config --variable=container_uid_base_min systemd
524288
-$ pkg-config --variable=containeruidbasemax systemd
+$ pkg-config --variable=container_uid_base_max systemd
1878982656
```
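Review bot: The sentence introducing this block still says the boundaries "of the local system may be queried with `pkg-config`", while the previous hunk now documents a runtime lookup in `/etc/login.defs` when `-Dcompat-mutable-uid-boundaries=true` is used. Please add a sentence after the block stating whether the `system_uid_max` value printed here is the compile-time default or follows that runtime setting, so that scripts classifying accounts by this value do not disagree with what systemd itself uses. Also confirm that the five renamed variables (`system_uid_max`, `dynamic_uid_min`, `dynamic_uid_max`, `container_uid_base_min`, `container_uid_base_max`) match the names in the shipped `.pc` file, since the documentation change is only correct if they do.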