[Samba] Back with my UID problems

[Rowland Penny]

On 27/02/15 01:10, Brett Wynkoop wrote:
> On Fri, 27 Feb 2015 00:18:24 +0000
> Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
>
>> 34, you are seriously using 34 for a standard user id number ? You
>> shouldn't use anything below 1000 for a normal user, these low
>> numbers are reserved for system use and you have run into a problem
>> that can only be fixed by not using such low numbers. The 3000014
>> number is coming from idmap.ldb but the group number is coming
>> from /etc/group (or whatever it is called on freebsd)
>>
>> Rowland
> Rowland-
>
> Again wind issues forth with no meaning.
>
> Where does your "Wisdom" about no UID below 1000 come from?
>
> Back 30 years ago when I started with Unix, and this network was first
> set up the normal practice was to start regular users at 100, with
> below 100 being reserved for SYSTEMS STAFF and System Processes.
> Typically on a stock Sun box running NIS the NIS maps were built
> starting at 100 and systems staff were below that so that if NIS failed
> systems staff could still log into a box to fix things.
>
> As I recall the UID starting convention for POSIX systems started to
> creep higher than 100 with the copy-cat called Gnu/Linux.  If I recall
> correctly the first time I saw 501 as a default starting UID was with
> Debian years ago.  Every Mac that rolls off the factory floor is set to
> start ordinary users at 501 today.  Yes many of the various GNU/Linux
> distributions have adopted 1000 and above for REGULAR USERS, but there
> is no technical reason for it, and in fact unless, as is the case with
> NIS, there is a table saying do not put this UID in the map there is no
> reason that 34 should not happily go into the Samba directory service.
>
> I will take a moment to point out in the case of NIS it was, and is
> possible by changing a single thing in the Makefile used for making the
> maps to set whatever cutoff UID you wish, and to include random UIDs in
> the maps as well.
>
> I would submit that if Samba can not do this then Samba 4 is broken.
> What is even more broken is that samba-tool silently accepted 34 as a
> UID and created the samba user.  If UIDs below 1000 are forbidden then a
> properly written program would have thrown an exception.
>
> There are many TB of data on the network.  Most of the UIDs are below
> 1000, in fact most are below 500.
>
> Can you provide considered technical reasons that Samba can NO LONGER
> HANDLE whatever UID the admin wishes to assign?
>
> It would seem to me what you said is "You found a bug and the samba
> core team does not want to fix it", but what do I know I have only been
> hacking on Unix boxes since about 1982 or 1983.
>
> If anyone else on the list has insight into the situation I would
> appreciate hearing from you.  I am too involved in the FreeBSD arm port
> to devote time to reading the samba sources to find the bug.
>
> -Brett
>
>

OK, somebody joins your network with a debian machine (for instance), 
now you might say this will never happen, but it could. You will now 
find that if your user '34' logs in, their group is no longer 'wheel' it 
is 'backup'. That is why it is better to stay away from using id numbers 
below 1000.

You can use whatever id numbers you like, but don't be surprised if and 
when, using such low numbers, they come back and bite you in the behind.

Also, don't think you know everything just because you have been using 
Unix since 1982, things have changed a lot since then, but it sounds 
like you haven't. I personally think that you are leaving one hell of a 
mess for the poor unfortunate that follows on from you, after you retire.

Rowland