System Administration Guide: Basic Administration

Using Large User IDs and Group IDs

UIDs and GIDs can be assigned up to the maximum value of a signed integer, or 2147483647.

However, UIDs and GIDs over 60000 do not have full functionality and are incompatible with many Solaris features, so avoid using UIDs or GIDs over 60000.

The following table describes interoperability issues with Solaris products and previous Solaris releases.

Table 4–2 Interoperability Issues for UIDs or GIDs Over 60000

Category 

Product or Command 

Issues or Cautions 

NFSTM Interoperability

SunOSTM 4.0 NFS software and compatible releases

NFS server and client code truncates large UIDs and GIDs to 16 bits. This situation can create security problems if systems running SunOS 4.0 and compatible releases are used in an environment where large UIDs and GIDs are being used. Systems running SunOS 4.0 and compatible releases require a patch to avoid this problem.  

Name Service Interoperability 

NIS name service and file-based name service 

Users with UIDs greater than 60000 can log in or use the su command on systems running the Solaris 2.5 and compatible releases, but their UIDs and GIDs will be set to 60001 (nobody).

 

NIS+ name service  

Users with UIDs greater than 60000 are denied access on systems running Solaris 2.5 and compatible releases and the NIS+ name service.  

Table 4–3 Large UID or GID Limitation Summary

UID or GID 

Limitations 

60003 or greater  

  • Users in this category logging into systems running Solaris 2.5 and compatible releases and the NIS or files name service get a UID and GID of nobody.

65535 or greater  

  • Systems running Solaris 2.5 and compatible releases with the NFS version 2 software see UIDs in this category truncated to 16 bits, creating possible security problems.

  • Users in this category using the cpio command with the default archive format to copy a file see an error message for each file. And, the UIDs and GIDs are set to nobody in the archive.

  • SPARC based systems: Users in this category running SunOS 4.0 and compatible applications see EOVERFLOW returns from some system calls, and their UIDs and GIDs are mapped to nobody.

  • IA based systems: Users in this category running SVR3-compatible applications will probably see EOVERFLOW return codes from system calls.

  • IA based systems: If users in this category attempt to create a file or directory on a mounted System V file system, the System V file system returns an EOVERFLOW error.

100000 or greater  

  • The ps -l command displays a maximum five-digit UID so the printed column won't be aligned when they include a UID or GID larger than 99999.

262144 or greater  

  • Users in this category using the cpio command with the -H odc format or the pax -x cpio command to copy files see an error message returned for each file. And, the UIDs and GIDs are set to nobody in the archive.

1000000 or greater  

  • Users in this category using the ar command have their UIDs and GIDs set to nobody in the archive.

2097152 or greater  

  • Users in this category using the tar command, the cpio -H ustar command, or the pax -x tar command have their UIDs and GIDs set to nobody.