[Solved] Set new 'System: Access: User' UID ?

Started by ajm, February 22, 2022, 11:12:24 AM

February 22, 2022, 11:12:24 AM Last Edit: February 22, 2022, 12:12:23 PM by ajm
I've searched the docs and forum without a result.

How can I specify the unix UID of accounts created via 'System: Access: Users' ?

The default seems to be to start numbering them from 2000; I'd like to start from 1000, or simply specify the UID at account creation.

February 22, 2022, 11:26:27 AM #1 Last Edit: February 22, 2022, 12:12:07 PM by ajm
OK, so my fix for this was:

1. Create new user account via GUI
2. Backup config to XML
3. Delete user account via GUI
4. Edit XML, change value of <uid> to desired UID <n>
5. Edit value of <nextuid> & <nextgid> to <n+1>.
6. Restore edited XML & reboot
7. Account is recreated at startup with desired UID
8. Accounts created subsequently via GUI start as desired at <n+1>.

Is there any drawback to this approach ?

Hi,

There is a hardcoded reference to the UID below "2000" ignoring those for user sync:

https://github.com/opnsense/core/blob/master/src/etc/inc/auth.inc#L261

It could be problematic, but I wonder if we could remove it to make the nextgid/nextuid alteration easily possible.

One special case is the GID 1999 which is the default admin group, but I suppose you can move this GID to n - 1 in your case and the next reboot should be fine.


Cheers,
Franco

PS: You can always change nextuid first before creating any users and move the ones that are there already out of the way manually.


From the looks of it we need to keep this code treating uid 2000 - 65000 as special because what it tries to do is remove all users in that range that are no longer in the configuration assuming they were all automatically handled by us.

What this means is the system will not remove users below uid 2000 until the next reboot if the config was somehow manipulated except for GUI user removal... reasons for this are backup restores or high availability syncs, but the implications are rather irrelevant if you don't have any of those automated user drops implemented.


Cheers,
Franco
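
Added example (not part of any post in this thread and not OPNsense code): a pre-restore check for a hand-edited config backup that flags the issues raised above, namely duplicate UIDs, UIDs outside the 2000 - 65000 range, and a `nextuid`/`nextgid` counter that sits below an ID already in use, such as the admin group's GID 1999. The element layout (`system/user`, `system/group`, `name`, `gid`), the inclusive range bounds and the special-casing of uid 0 are assumptions; only `<uid>`, `<nextuid>` and `<nextgid>` are named in the thread.

```python
import xml.etree.ElementTree as ET

# Range the thread says user sync treats as "ours" (bounds assumed inclusive).
MANAGED_UIDS = range(2000, 65001)

# Constructed sample mirroring the edit described in the first post (n = 1000).
SAMPLE = """<opnsense><system>
  <group><name>admins</name><gid>1999</gid></group>
  <user><name>root</name><uid>0</uid></user>
  <user><name>ajm</name><uid>1000</uid></user>
  <nextuid>1001</nextuid><nextgid>1001</nextgid>
</system></opnsense>"""


def check_config(xml_text):
    """Return a list of human-readable findings for an edited config backup."""
    system = ET.fromstring(xml_text).find("system")
    findings, seen = [], {}
    for user in system.findall("user"):
        name, uid = user.findtext("name"), int(user.findtext("uid"))
        if uid in seen:
            findings.append(f"uid {uid} is shared by {seen[uid]} and {name}")
        seen[uid] = name
        # uid 0 is assumed to be the built-in root account and is skipped.
        if uid != 0 and uid not in MANAGED_UIDS:
            findings.append(
                f"{name}: uid {uid} is outside 2000-65000; a removal that "
                "arrives via restore or HA sync is not applied until reboot")
    gids = [int(g.findtext("gid")) for g in system.findall("group")]
    # A counter at or below an ID already in use will eventually hand it out again.
    for tag, used in (("nextuid", seen), ("nextgid", gids)):
        counter = int(system.findtext(tag))
        ahead = sorted(i for i in used if i >= counter)
        if ahead:
            findings.append(f"{tag} {counter} will run into existing id {ahead[0]}")
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE):
        print("WARN:", finding)
```

On the constructed sample this reports the out-of-range uid 1000 and the `nextgid` counter that will reach GID 1999.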