[Pkg-shadow-devel] UID == (uid_t)-1

Nicolas François nicolas.francois at centraliens.net
Tue Feb 24 23:41:19 UTC 2009

On Tue, Feb 24, 2009 at 10:49:05AM -0500, vapier at gentoo.org wrote:
> On Tuesday 24 February 2009 10:29:28 Peter Vrabec wrote:
> > what do you think about this patch? I'm afraid uid = -1 should not be
> > allowed. It's a problem for chown at least.
> to be clear, we're talking about the behavior the POSIX set of chown() 
> functions require, not so much the chown binary ... although the former 
> implies the same behavior in the latter ...
> having shadow reject attempts to utilize uid of -1 sounds sane to me

No problem with me neither.

I will forbid the creation of user (resp. group) whose ID evaluates as
(uid_t)-1 (resp. (gid_t)-1).
(This impacts useradd, usermod, newusers, groupadd, groupmod, pwconv,
pwunconv, grpconv, grpunconv, vipw)

I will also add a check in pwck and grpck.

However, I will still support UID and GID set to -1 if this user or group
already exists.
(e.g. using chage, gpasswd, passwd, userdel, lastlog, faillog, etc.)

Best Regards,

More information about the Pkg-shadow-devel mailing list