ansible-collection-hardening icon indicating copy to clipboard operation
ansible-collection-hardening copied to clipboard

Published 20 hours ago verified publisher icon dev-sec

System UID range increased from 500 to 1000 in RHEL/CentOS 7

Open martinbydefault opened this issue 6 years ago • 2 comments

System user UID range was extended from 0-499 to 0-999 (https://access.redhat.com/articles/1190233).

In the template rhel_system_auth.j2 there is a 500 harcoded. I think there should be a variable with the max system UID number (500 or 1000, depending the OS version) and use that variable instead of the 500 hardcoded here: https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L9 and here: https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L17

Or maybe don't define a new variable and just use os_auth_uid_min?

In both cases the variable must be defined in the OS specific version var file (Redhat-6 and Redhat-7) instead of the general (Redhat).

I can submit a PR with the changes once I get feedback from this.

CC @rndmh3ro

martinbydefault avatar Sep 26 '18 14:09 martinbydefault

Hey @martinbydefault, thanks for noticing that, you're completely right!

Or maybe don't define a new variable and just use os_auth_uid_min?

Yes, we should use that variable.

If you would open a PR that would be great!

rndmh3ro avatar Oct 01 '18 19:10 rndmh3ro

How about reading it from /etc/login.defs (SYS_UID_MAX)?

pyllyukko avatar Oct 16 '19 10:10 pyllyukko