From: Rich
Newsgroups: comp.os.linux.misc
Subject: Re: privileged user in RedHat
Date: Sun, 1 Sep 2024 18:50:18 -0000 (UTC)

Grant Taylor wrote:
> On 9/1/24 02:29, Lawrence D'Oliveiro wrote:
>> I think it’s configurable.
> Yep.
>
> It's been configurable on every system that I've cared to look at in the
> last 25 years.
>
> System defaults are usually quite sufficient.

As far as the kernel is concerned, there is only one 'special' userid,
zero, which denotes the root user.  Everything else is just convention,
and the kernel does not care if your userid is 1 or 500 or 1000; they
are all "not zero" and so are not 'special'.

The convention of starting regular users at 500 (or 1000) was done
simply to leave a gap of ids for daemons.  Over time, as more and more
daemons were modified to run under their own user id instead of all
running as root (for security separation concerns), the available
'space' when starting at 500 shrank.  Somewhere along the way, the
convention changed to 1000 to make up for the shrinkage in the free
space below 500.

And this convention is just there so that when looking at "ps" output,
one can tell a system daemon from a user process by noting the userid
value.
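
An added example, not part of the original post: a small audit that sorts passwd entries by the convention described above and reports any account other than root that carries uid 0. It assumes the range is set by the UID_MIN and UID_MAX keys of /etc/login.defs (shadow-utils); the file contents, account names and function names below are constructed for illustration.

```python
import re

# Constructed sample data (not from any real host).
LOGIN_DEFS = """\
UID_MIN                  1000
UID_MAX                 60000
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
chrony:x:993:990::/var/lib/chrony:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
"""

def login_defs_int(text, key, default):
    """Return the integer value of `key` in login.defs text, else `default`."""
    m = re.search(rf"^\s*{re.escape(key)}\s+(\d+)\s*$", text, re.MULTILINE)
    return int(m.group(1)) if m else default

def classify_accounts(passwd_text, defs_text):
    """Map each account name to (uid, class)."""
    uid_min = login_defs_int(defs_text, "UID_MIN", 1000)
    uid_max = login_defs_int(defs_text, "UID_MAX", 60000)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        uid = int(fields[2])
        if uid == 0:
            kind = "root-equivalent"   # the only value the kernel treats as special
        elif uid < uid_min:
            kind = "system"            # convention only: the daemon range
        elif uid <= uid_max:
            kind = "regular"           # convention only: ordinary users
        else:
            kind = "outside-range"     # above UID_MAX, e.g. the sample nobody entry
        result[fields[0]] = (uid, kind)
    return result

def extra_uid0(accounts):
    """Names other than 'root' that carry uid 0 and so hold full root privilege."""
    return sorted(n for n, (uid, _) in accounts.items() if uid == 0 and n != "root")

if __name__ == "__main__":
    accts = classify_accounts(PASSWD, LOGIN_DEFS)
    print(accts, "uid-0 besides root:", extra_uid0(accts))
```

Changing UID_MIN only moves the system/regular label; the uid-0 result is the same under any setting.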