Are UIDs/GIDs lower than 100 considered a vulnerability problem or not?
This document (7003591) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Desktop 10 Service Pack 2
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10 Service Pack 1
SUSE Linux Enterprise Server 10 Service Pack 2
SUSE Linux Enterprise Server 9 Service Pack 4
SUSE Linux Enterprise Server 9 Service Pack 3
SUSE Linux Enterprise Server 9 Service Pack 2
SUSE Linux Enterprise Server 9 Service Pack 1
Situation
Resolution
Customers should not perform such invasive changes to the system. In the best case it doesn't help anything; in the worst case it causes trouble due to broken permissions.
The statement regarding group membership IDs is not quite correct either. It is of course correct that system users like 'at' or 'haldaemon' are members of special groups. Normal users, however, should not be members of system groups on SUSE. Device permissions on SUSE Linux Enterprise 10 are handled by resmgr (resource manager client), so there is no need to be a member of e.g. 'audio' or 'cdrom'. The exception here is 'video': you need to be a member of that group if you use proprietary video drivers. Membership in the 'dialout' group is needed for users who should be able to control dial-up connections via smpppd (SuSE Meta PPP Daemon).
100 is no magic value either (see /etc/login.defs); in fact, 100 is the GID of the 'users' group, of which every (non-system) user created by useradd is a member by default.
Check the /etc/login.defs file for details about the minimum and maximum values for UID/GID.
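The check described above, as an added example that is not part of the SUSE document: a shell function that reads UID_MIN, UID_MAX and GID_MIN from a login.defs file and lists regular users that are listed as members of groups below GID_MIN, skipping 'users', 'video' and 'dialout'. The function names and the sample files are constructed for illustration, and treating every GID below GID_MIN as a system group is an assumption of this example.

```shell
#!/bin/sh
# Added example (not SUSE's code): report regular users listed in system groups.

# login_def KEY FILE: print the last numeric value set for KEY in login.defs.
login_def() {
    awk -v k="$1" '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { if (v != "") print v }' "$2"
}

# system_group_members DEFS PASSWD GROUP [ALLOWED]
# Prints user:group:gid for every account in UID_MIN..UID_MAX that is listed
# as a member of a group whose GID is below GID_MIN (assumed here to mean
# "system group"). ALLOWED defaults to the groups the article names as
# expected for normal users.
system_group_members() {
    defs=$1; passwd=$2; group=$3; allowed=${4:-users video dialout}
    uid_min=$(login_def UID_MIN "$defs")
    uid_max=$(login_def UID_MAX "$defs")
    gid_min=$(login_def GID_MIN "$defs")
    if [ -z "$uid_min" ] || [ -z "$uid_max" ] || [ -z "$gid_min" ]; then
        echo "UID_MIN, UID_MAX or GID_MIN not set in $defs" >&2
        return 2
    fi
    awk -F: -v umin="$uid_min" -v umax="$uid_max" -v gmin="$gid_min" -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # passwd file: remember accounts inside the regular UID range
        FILENAME == ARGV[1] { if ($3 + 0 >= umin + 0 && $3 + 0 <= umax + 0) regular[$1] = 1; next }
        # group file: only groups below GID_MIN that are not on the allowed list
        $3 + 0 < gmin + 0 && !($1 in ok) {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] in regular) print members[i] ":" $1 ":" $3
        }
    ' "$passwd" "$group"
}

# demo: run the check on constructed sample files (all values are illustrative).
demo() {
    d=$(mktemp -d) || return 1
    printf 'UID_MIN 1000\nUID_MAX 60000\nGID_MIN 1000\n# GID_MAX 60000\n' > "$d/login.defs"
    printf 'root:x:0:0::/root:/bin/bash\nat:x:25:25::/var/spool/atjobs:/bin/bash\nalice:x:1000:100::/home/alice:/bin/bash\nbob:x:1001:100::/home/bob:/bin/bash\n' > "$d/passwd"
    printf 'audio:x:17:alice,at\nvideo:x:33:bob\ndialout:x:16:alice\ndisk:x:6:bob\nusers:x:100:\n' > "$d/group"
    system_group_members "$d/login.defs" "$d/passwd" "$d/group"
    rc=$?; rm -rf "$d"; return "$rc"
}

demo   # on a real host: system_group_members /etc/login.defs /etc/passwd /etc/group
```

Only memberships listed in the group file are examined; a user's primary group from the passwd file is not.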
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7003591
- Creation Date: 19-Jun-2009
- Modified Date: 03-Mar-2020
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com