Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved] Set new 'System: Access: User' UID ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Solved] Set new 'System: Access: User' UID ? (Read 1885 times)
ajm
Jr. Member
Posts: 62
Karma: 6
[Solved] Set new 'System: Access: User' UID ?
«
on:
February 22, 2022, 11:12:24 am »
I've searched the docs and forum without a result.
How can I specify the unix UID of accounts created via
'System: Access: Users'
?
The default seems to be to start numbering them from 2000, I'd like to start from 1000, or simply specifiy the UID at account creation.
«
Last Edit: February 22, 2022, 12:12:23 pm by ajm
»
Logged
ajm
Jr. Member
Posts: 62
Karma: 6
Re: Set new 'System: Access: User' UID ?
«
Reply #1 on:
February 22, 2022, 11:26:27 am »
OK, so my fix for this was:
1. Create new user account via GUI
2. Backup config to XML
3. Delete user account via GUI
4. Edit XML, change value of
<uid>
to desired UID <n>
5. Edit value of
<nextuid>
&
<nextgid>
to <n+1>.
6. Restore edited XML & reboot
7. Account is recreated at startup with desired UID
8. Accounts created subsequently via GUI start as desired at <n+1>.
Is there any drawback to this approach ?
«
Last Edit: February 22, 2022, 12:12:07 pm by ajm
»
Logged
franco
Administrator
Hero Member
Posts: 17570
Karma: 1596
Re: [Solved] Set new 'System: Access: User' UID ?
«
Reply #2 on:
February 22, 2022, 12:58:46 pm »
Hi,
There is a hardcoded reference to the UID below "2000" ignoring those for user sync:
https://github.com/opnsense/core/blob/master/src/etc/inc/auth.inc#L261
It could be problematic, but I wonder if we could remove it to make the nextgid/nextuid alteration easily possible.
One special case is the GUI 1999 which is the default admin group, but I suppose you can move this GID to n - 1 in your case and the next reboot should be fine.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17570
Karma: 1596
Re: [Solved] Set new 'System: Access: User' UID ?
«
Reply #3 on:
February 22, 2022, 01:00:33 pm »
PS: You can always change nextuid first before creating any users and move the ones that are there already out of the way manually.
Logged
ajm
Jr. Member
Posts: 62
Karma: 6
Re: [Solved] Set new 'System: Access: User' UID ?
«
Reply #4 on:
February 22, 2022, 01:04:57 pm »
OK, great, thanks !
Logged
franco
Administrator
Hero Member
Posts: 17570
Karma: 1596
Re: [Solved] Set new 'System: Access: User' UID ?
«
Reply #5 on:
February 22, 2022, 01:24:09 pm »
From the looks of it we need to keep this code treating uid 2000 - 65000 as special because what it tries to do is remove all users in that range that are no longer in the configuration assuming they were all automatically handled by us.
What this means is the system will not remove users below uid 2000 until the next reboot if the config was somehow manipulated except for GUI user removal... reasons for this are backup restores or high availability syncs, but the implications are rather irrelevant if you don't have of those automated user drops implemented.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[Solved] Set new 'System: Access: User' UID ?