Using Large User IDs and Group IDs
UIDs and group IDs (GIDs) can be assigned up to the maximum value of a signed integer, or 2147483647.
However, UIDs and GIDs over 60000 do not have full functionality and are incompatible with many Solaris features. So, avoid using UIDs or GIDs over 60000.
The following table describes interoperability issues with Solaris products
and previous Solaris releases.
Table 4–3 Interoperability Issues for UIDs or GIDs Over 60000

| Category | Product or Command | Issue |
|---|---|---|
| NFS interoperability | SunOS 4.0 NFS software and compatible releases | NFS server and client code truncates large UIDs and GIDs to 16 bits. This situation can create security problems if systems running SunOS 4.0 and compatible releases are used in an environment where large UIDs and GIDs are being used. Systems running SunOS 4.0 and compatible releases require a patch to avoid this problem. |
| Name service interoperability | NIS name service and file-based name service | Users with UIDs greater than 60000 can log in or use the su command on systems running Solaris 2.5 (and compatible releases). However, their UIDs and GIDs will be set to 60001 (nobody). |
| | NIS+ name service | Users with UIDs greater than 60000 are denied access on systems running Solaris 2.5 (and compatible releases) and the NIS+ name service. |
Table 4–4 Large UID or GID Limitation Summary

| UID or GID | Limitations |
|---|---|
| 60003 or greater | Users who log in to systems running Solaris 2.5 (and compatible releases) and the NIS or files name service get a UID and GID of nobody. |
| 65535 or greater | Systems running Solaris 2.5 (and compatible releases) with the NFS version 2 software truncate UIDs to 16 bits, creating possible security problems. |
| | Users who use the cpio command with the default archive format to copy a file see an error message for each file. And, the UIDs and GIDs are set to nobody in the archive. |
| | x86 based systems: Users that run SVR3-compatible applications will probably see EOVERFLOW return codes from system calls. |
| | x86 based systems: If users attempt to create a file or directory on a mounted System V file system, the System V file system returns an EOVERFLOW error. |
| 100000 or greater | The ps -l command displays a maximum five-digit UID. So, the printed column won't be aligned when it includes a UID or GID larger than 99999. |
| 262144 or greater | Users who use the cpio command with the -H odc format or the pax -x cpio command to copy files see an error message returned for each file. And, the UIDs and GIDs are set to nobody in the archive. |
| 1000000 or greater | Users who use the ar command have their UIDs and GIDs set to nobody in the archive. |
| 2097152 or greater | Users who use the tar command, the cpio -H ustar command, or the pax -x tar command have their UIDs and GIDs set to nobody. |
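The 16-bit truncation described in the tables above can be audited before accounts are exposed to older NFS peers. The following script is an added example, not part of the original Solaris documentation: it lists every account with a UID over 60000, the UID that remains after truncation to 16 bits, and any existing account that already owns that value. The function names `audit_large_uids` and `sample_passwd` and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_large_uids: read passwd(4)-format lines on stdin and report every
# account whose UID is over 60000, the value left after truncation to
# 16 bits, and any account in the same input that already owns that UID.
audit_large_uids() {
    awk -F: '
        # Skip comments and malformed lines; keep accounts in input order.
        /^#/ || NF < 3 { next }
        {
            n++
            name[n] = $1
            uid[n]  = $3 + 0
            # First account seen for each UID, used for collision lookups.
            if (!(uid[n] in owner)) owner[uid[n]] = $1
        }
        END {
            for (i = 1; i <= n; i++) {
                if (uid[i] <= 60000) continue
                t = uid[i] % 65536    # low 16 bits, as a truncating peer sees it
                if (uid[i] < 65536)
                    note = "unchanged by 16-bit truncation"
                else if (t in owner)
                    note = "collides with " owner[t]
                else
                    note = "no account with that UID in this input"
                printf "%s uid=%d truncated=%d %s\n", name[i], uid[i], t, note
            }
        }
    '
}

# Constructed sample input (not from the original page).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice:/export/home/alice:/bin/sh
nobody:x:60001:60001:Nobody:/:
bob:x:65536:10:Bob:/export/home/bob:/bin/sh
carol:x:66537:10:Carol:/export/home/carol:/bin/sh
dave:x:61000:10:Dave:/export/home/dave:/bin/sh
erin:x:200000:10:Erin:/export/home/erin:/bin/sh
EOF
}

sample_passwd | audit_large_uids
```

To audit a real system, feed the function the local passwd file or a name service dump in the same format in place of the sample input.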