Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Keep UID above 501 for login window account display' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Keep UID above 501 for login window account display
Authored by: enigmamf on Aug 29, '03 12:15:29PM

Every UNIX system I have ever seen has had UIDs organized such that administrators have lower UIDs than hoi polloi. It is also useful if you are writing a program that must only be run by administrators, e.g. a root-owned program with the SetUID bit turned on: Rather than having a list of users that can run it, it can just check if the Real UID is <= 500.



[ Reply to This | # ]
Keep UID above 501 for login window account display
Authored by: kcamera on Aug 29, '03 04:04:36PM

I agree... I've always seen Joe User's UID kept above 500. But for some reason a company I work for has UID's scattered much lower (I think they offset from 100 or something). Mine was 209 -- I have no idea why :(

But as others have mentioned, maybe this hint can at least be helpful to *hide* additional special accounts from the preference panes and login window, even on a correctly run network where no one would need a UID less than 500.



[ Reply to This | # ]
Not safe
Authored by: SeanAhern on Sep 01, '03 12:09:28AM

Just assuming that a "normal" user's UID can't be <= 500 isn't a very safe way of doing things. Keeping a list of users in the program is also onerous. Better is to have that list be a UNIX group (see /etc/group on a normal system, the group databse in netinfo). Say, "staff". That way, any program can quickly check the group list to see if a given user should be authorized for a particular purpose. And it's easy to maintain.

Just my two cents.

---
-Sean



[ Reply to This | # ]