[Pkg-shadow-devel] Reallocating UIDs of deleted accounts

Iker Pedrosa ipedrosa at redhat.com
Tue May 26 11:31:43 BST 2020

Dear developers:

I'm facing a feature request that asks for a change in id allocation
algorithm. Nowadays, the algorithm checks the minimum existing UID and adds
1 to it to allocate the UID for the new user. Only if that number is
outside of the SYS_UID_* range, it tries to use other values in "holes". Maybe
the same can happen to groups but I haven't checked it.

The change request is asking to use the highest free UID in the SYS_UID_*
range instead. The problem is that using the holes could assign the UID of
a previously existing account to the new account, which may lead to a
security issue.

I'd like to know your opinion on this matter.

Link to the new feature request:


Iker Pedrosa

Software Engineer, Identity Management team

Red Hat <https://www.redhat.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20200526/eb5d8df6/attachment.html>

More information about the Pkg-shadow-devel mailing list