Q1. The id range of useradd -u [id] is not restricted by UID_MIN and UID_MAX. Q2. Use "useradd -o" to create a user whose uid is 0
Closed this issue · 2 comments
Hi, in my tests, I found that "useradd -u" can create any number with a uid less than 4294967294, regardless of UID_MIN and UID_MAX. Is this normal design or a bug?
It seems to be deliberate. While there are checks, they only produce a warning, and not an error:
```c
$ grepc check_uid_range .
./src/useradd.c:static void check_uid_range(int rflg, uid_t user_id);
./src/useradd.c:static void check_uid_range(int rflg, uid_t user_id)
{
    uid_t uid_min ;
    uid_t uid_max ;
    if (rflg) {
        uid_max = getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
        if (user_id > uid_max) {
            fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
        }
    }else{
        uid_min = getdef_ulong("UID_MIN", 1000UL);
        uid_max = getdef_ulong("UID_MAX", 6000UL);
        if (uid_min <= uid_max) {
            if (user_id < uid_min || user_id >uid_max)
                fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
        }
    }
}
```
It was added in 00e629c in #243.
```
commit 00e629c0ba4b3e90b61df6dd220e5b56e2159284
Author: blueskycs2c <lili.ding@cs2c.com>
Date:   Sat Apr 11 22:45:54 2020 +0800

    print a warning from useradd if -u is used with uid number outside range.
```
Maybe we could promote that to an error, I don't know. @hallyn ? @blueskycs2c?
And I can also use "useradd -o" to create a user whose uid is 0. Is this insecure?
Well, you're saying that that user is effectively root. I'd say it can be a security problem, if the login is weak. It can also be a security risk, if an attacker tricks a sysadmin into believing that a command is harmless because it's being run as a non-root user when it's actually root. Don't do that? I mean, if you don't create a second root user, it won't be a problem. :)
In general, -o can be a security risk for the same reasons, so don't use it unless you need it. Root isn't special in this, I think.
UID_MIN and UID_MAX are to guide the auto-selection of uids. Not to limit what admin can do by hand. If admin wants to specify a # outside of those, that's fine.
Thanks for checking.
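Since useradd only warns about out-of-range UIDs and `-o` allows non-unique ones, an audit of the account database is the place to catch both. The following is an added example, not code from this thread or from the shadow project: it flags UID 0 held by any name other than `root`, UIDs shared by several names, and UIDs outside the configured ranges. The function names, finding labels and sample data are constructed for illustration, and it assumes `login.defs` values are written in decimal.

```python
import collections

# Constructed sample inputs (not taken from a real system).
SAMPLE_LOGIN_DEFS = """\
UID_MIN      1000
UID_MAX      60000
SYS_UID_MAX  999
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
bob:x:1000:1001::/home/bob:/bin/bash
svc:x:70000:70000::/home/svc:/bin/sh
"""

def parse_login_defs(text):
    """Return (UID_MIN, UID_MAX, SYS_UID_MAX); fallbacks as in the quoted check_uid_range()."""
    defs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split key/value
        if len(fields) >= 2:
            defs[fields[0]] = fields[1]
    uid_min = int(defs.get("UID_MIN", 1000))
    uid_max = int(defs.get("UID_MAX", 6000))
    sys_uid_max = int(defs.get("SYS_UID_MAX", uid_min - 1))
    return uid_min, uid_max, sys_uid_max

def audit_passwd(passwd_text, login_defs_text):
    """Return (label, uid, names) findings for a passwd(5)-format text."""
    uid_min, uid_max, sys_uid_max = parse_login_defs(login_defs_text)
    by_uid = collections.defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            by_uid[int(fields[2])].append(fields[0])
    findings = []
    for uid, names in sorted(by_uid.items()):
        if uid == 0 and names != ["root"]:      # any extra or renamed uid-0 entry
            findings.append(("uid0-alias", uid, names))
        elif len(names) > 1:                    # what useradd -o makes possible
            findings.append(("duplicate-uid", uid, names))
        if sys_uid_max < uid < uid_min or uid > uid_max:
            findings.append(("outside-range", uid, names))
    return findings

if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD, SAMPLE_LOGIN_DEFS))
```

On a real host, pass the contents of `/etc/passwd` and `/etc/login.defs`; accounts that come from other NSS sources are not covered by this check.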