9.2. Users and groups - 9.2.2. UID and GID classes - 《Debian Policy Manual v4.5》

9.2.2. UID and GID classes

9.2.2. UID and GID classes

The UID and GID numbers are divided into classes as follows:

0-99:

Globally allocated by the Debian project, the same on every Debian system. These ids will appear in the passwd and group files of all Debian systems, new ids in this range being added automatically as the base-passwd package is updated.

Packages which need a single statically allocated uid or gid should use one of these; their maintainers should ask the base-passwd maintainer for ids.

100-999:

Dynamically allocated system users and groups. Packages which need a user or group, but can have this user or group allocated dynamically and differently on each system, should use adduser --system to create the group and/or user. adduser will check for the existence of the user or group, and if necessary choose an unused id based on the ranges specified in adduser.conf.

1000-59999:

Dynamically allocated user accounts. By default adduser will choose UIDs and GIDs for user accounts in this range, though adduser.conf may be used to modify this behavior.

60000-64999:

Globally allocated by the Debian project, but only created on demand. The ids are allocated centrally and statically, but the actual accounts are only created on users’ systems on demand.

These ids are for packages which are obscure or which require many statically-allocated ids. These packages should check for and create the accounts in /etc/passwd or /etc/group (using adduser if it has this facility) if necessary. Packages which are likely to require further allocations should have a “hole” left after them in the allocation, to give them room to grow.

65000-65533:

Reserved.

65534:

User nobody. The corresponding gid refers to the group nogroup.

65535:

This value must not be used, because it was the error return sentinel value when uid_t was 16 bits.

65536-4294967293:

Dynamically allocated user accounts. By default adduser will not allocate UIDs and GIDs in this range, to ease compatibility with legacy systems where uid_t is still 16 bits.

4294967294:

(uid_t)(-2) == (gid_t)(-2) must not be used, because it is used as the anonymous, unauthenticated user by some NFS implementations.

4294967295:

(uid_t)(-1) == (gid_t)(-1) must not be used, because it is the error return sentinel value.