diff options
author | Silvan Mosberger <infinisil@icloud.com> | 2019-07-31 23:19:49 +0200 |
---|---|---|
committer | Silvan Mosberger <infinisil@icloud.com> | 2019-10-14 01:59:19 +0200 |
commit | 23d920c8f0d8d790fc69e155acbe9342853cc46a (patch) | |
tree | e9a0ac4f220c54f201ec012a553db4c695400f70 /nixos/modules/programs/shadow.nix | |
parent | 6c8aed6391a5e9f69cb59792aed58c5f33650275 (diff) |
nixos/users: Increase maximum system uid/gid from 499 to 999
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This is a preventative measure against running out of dynamically allocated ids for NixOS services with isSystemUser, which should become the preferred way of allocating uids for non-real users.
Diffstat (limited to 'nixos/modules/programs/shadow.nix')
-rw-r--r-- | nixos/modules/programs/shadow.nix | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 8ec4169207db5..7eaf79d864e79 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -6,17 +6,27 @@ with lib; let + /* + There are three different sources for user/group id ranges, each of which gets + used by different programs: + - The login.defs file, used by the useradd, groupadd and newusers commands + - The update-users-groups.pl file, used by NixOS in the activation phase to + decide on which ids to use for declaratively defined users without a static + id + - Systemd compile time options -Dsystem-uid-max= and -Dsystem-gid-max=, used + by systemd for features like ConditionUser=@system and systemd-sysusers + */ loginDefs = '' DEFAULT_HOME yes SYS_UID_MIN 400 - SYS_UID_MAX 499 + SYS_UID_MAX 999 UID_MIN 1000 UID_MAX 29999 SYS_GID_MIN 400 - SYS_GID_MAX 499 + SYS_GID_MAX 999 GID_MIN 1000 GID_MAX 29999 |