Debianhelp.co.uk

 Usernames and User IDs in Debian Linux

Each user of a UNIX system such as Debian has a username which uniquely identifies them. Usernames are associated with user IDs (or UIDs), and in fact it is the UID which the underlying system uses to identify users; usernames, however, are more mnemonic and tend to be used for most day-to-day purposes.

 

Usernames are typically composed of alphanumeric characters, that is letters and numbers. Most usernames are forms of the user's own name (for instance "test", "testnew", or "tnew") or relate to a role or a pseudo-user created for the purpose of administering part of the system, for instance "root" (for the superuser account) and "www-data" (for the account which owns and runs web servers and related services under Debian).

 

UIDs are numbers from zero to 65534. The numbers are grouped as follows:

 

UIDs 0-99 are globally allocated by the Debian project and are used for system accounts. The "root" account, for instance, is UID 0.

 

UIDs 100-999 are for system users which have not been allocated by the Debian project.

 

UIDs 1000-29999 are normal user accounts.

 

UID 65534 is user "nobody", an account with no rights or permissions.

 

Users may usually be referred to by either username or UID.

 Groups and Group IDs in Debian Linux

Groups are used to refer to logical groups of users on the system. Groups have group IDs (GIDs) just as users have UIDs, and the numeric ranges for different types of groups are the same as those for users.

 

A typical example of a group on the system might be "webadmin" where people who administer a website might be grouped together. This would allow users to create files and directories to which all of the "webadmin" group had read or write access.

 

Groups may usually be referred to by either their name or GID.

 

0-99:

Globally allocated by the Debian project, the same on every Debian system. These ids will appear in the passwd and group files of all Debian systems, new ids in this range being added automatically as the base-passwd package is updated.

Packages which need a single statically allocated uid or gid should use one of these; their maintainers should ask the base-passwd maintainer for ids.

100-999:

Dynamically allocated system users and groups. Packages which need a user or group, but can have this user or group allocated dynamically and differently on each system, should use adduser --system to create the group and/or user. adduser will check for the existence of the user or group, and if necessary choose an unused id based on the ranges specified in adduser.conf.

1000-29999:

Dynamically allocated user accounts. By default adduser will choose UIDs and GIDs for user accounts in this range, though adduser.conf may be used to modify this behavior.

30000-59999:

Reserved.

60000-64999:

Globally allocated by the Debian project, but only created on demand. The ids are allocated centrally and statically, but the actual accounts are only created on users' systems on demand.

These ids are for packages which are obscure or which require many statically-allocated ids. These packages should check for and create the accounts in /etc/passwd or /etc/group (using adduser if it has this facility) if necessary. Packages which are likely to require further allocations should have a "hole" left after them in the allocation, to give them room to grow.

65000-65533:

Reserved.

65534:

User nobody. The corresponding gid refers to the group nogroup.

65535:

(uid_t)(-1) == (gid_t)(-1) must not be used, because it is the error return sentinel value.