System Administration Guide, Volume I

Using Large User IDs and Group IDs

Previous Solaris software releases used 32-bit data types to contain the user IDs (UIDs) and group IDs (GIDs), but UIDs and GIDs were constrained to a maximum useful value of 60000. Starting with the Solaris 2.5.1 release and compatible versions, the limit on UID and GID values has been raised to the maximum value of a signed integer, or 2147483647.

UIDs and GIDs over 60000 do not have full functionality and are incompatible with many Solaris features, so avoid using UIDs or GIDs over 60000. See Table 1-2 for a complete list of interoperability issues with Solaris products and commands.

Table 1-2 describes interoperability issues with previous Solaris and Solaris product releases.

Table 1-2 Interoperability Issues for UIDs/GIDs Over 60000


Category	Product/Command	Issues/Cautions
NFS^TM Interoperability	SunOS 4.0 NFS software and compatible versions	NFS server and client code truncates large UIDs and GIDs to 16 bits. This can create security problems if SunOS 4.0 and compatible machines are used in an environment where large UIDs and GIDs are being used. SunOS 4.0 and compatible systems require a patch.
Name Service Interoperability	NIS name service File-based name service	Users with UIDs above 60000 can log in or use the `su` command on systems running the Solaris 2.5 and compatible versions, but their UIDs and GIDs will be set to 60001 (nobody).
	NIS+ name service	Users with UIDs above 60000 are denied access on systems running Solaris 2.5 and compatible versions and the NIS+ name service.
Printed UIDs/GIDs	OpenWindows File Manager	Large UIDs and GIDs will not display correctly if the OpenWindows^TM File Manager is used with the extended file listing display option.

Table 1-3 Large UID/GID Limitation Summary


A UID or GID Of ...	Limitations
60003 or greater	Users in this category logging into systems running Solaris 2.5 and compatible releases and the NIS or files name service will get a UID and GID of `nobody`.
65535 or greater	Solaris 2.5 and compatible releases systems running the NFS version 2 software will see UIDs in this category truncated to 16 bits, creating possible security problems. Users in this category using the `cpio` command (using the default archive format) to copy files will see an error message for each file and the UIDs and GIDs will be set to `nobody` in the archive. SPARC systems: Users in this category running SunOS 4.0 and compatible applications will see `EOVERFLOW` returns from some system calls, and their UIDs and GIDs will be mapped to `nobody`. x86 systems: Users in this category on x86 systems running SVR3-compatible applications will probably see `EOVERFLOW` return codes from system calls. x86 systems: If users in this category attempt to create a file or directory on a mounted System V file system, the System V file system returns an `EOVERFLOW` error.
100000 or greater	The `ps -l` command displays a maximum five-digit UID so the printed column won't be aligned when they include a UID or GID larger than 99999.
262144 or greater	Users in this category using the `cpio` command (using `-H odc` format) or the `pax -x cpio` command to copy files will see an error message returned for each file, and the UIDs and GIDs will be set to `nobody` in the archive.
1000000 or greater	Users in this category using the `ar` command will have their UIDs and GIDs set to `nobody` in the archive.
2097152 or greater	Users in this category using the `tar` command, the `cpio -H ustar` command, or the `pax -x tar` command have their UIDs and GIDs set to `nobody`.