On Wed, 13 Oct 2010, James A. Peltier wrote:
| > > That assumes the highest UID number has a login shell...
|
| > which is generally the case...
| >
|
| Exactly, without excluding those who have a shell of nologin the
| last uid on my machine is nfsnobody(65534), I don't believe that a
| UID can be greater than that.
| Only if authenticating against /etc/passwd. If authenticating against Kerberos, LDAP, or some other method this is not the case.
Here's the code I use to figure out next-available [GU]IDs:
# ----- %< -----
# figure out the highest UID and GID currently in production, but
# rule out really high numbers (greater than 8000) which are typically
# assigned to pseudo accounts like "nobody."
#
AWKTEST='END { print HUID } { if (($3 > HUID) && ($3 < 8000)) HUID = $3}'
HUID=$(/usr/bin/getent passwd | /bin/gawk -F: "$AWKTEST")
HGID=$(/usr/bin/getent group | /bin/gawk -F: "$AWKTEST")
#
# increment those UID and GID numbers by 1 for use with the
# new account
#
let HUID=$HUID+1
let HGID=$HGID+1
# ----- %< -----
The 8000 high-end number is arbitrary; it works in our environment...
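
Added example, not part of the original message: the same highest-ID-plus-one approach as a function that takes the range as arguments and fails once the range is full. With a ceiling of 8000, an existing ID of 7999 would otherwise yield 8000 on every later run, so several accounts would share one ID and each other's files. The function name, the floor of 500 and the sample entries are assumptions made for illustration; 8000 is the ceiling from the message.

```shell
# next_free_id MIN MAX
# Reads passwd- or group-format lines (name:x:ID:...) on stdin.
# Prints (highest ID with MIN <= ID < MAX) + 1, or MIN if no ID is in range.
# Prints nothing and returns 1 when that result would reach MAX, so an ID
# outside the managed range is never handed out (and never handed out twice).
next_free_id() {
    awk -F: -v min="$1" -v max="$2" '
        BEGIN { high = min - 1 }
        # skip malformed entries; force numeric comparison with + 0
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min && $3 + 0 < max && $3 + 0 > high {
            high = $3 + 0
        }
        END {
            next_id = high + 1
            if (next_id >= max) exit 1   # range exhausted
            print next_id
        }'
}

# Constructed sample data standing in for "getent passwd" output.
SAMPLE='root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:7321:7321::/home/bob:/bin/bash
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin'

printf '%s\n' "$SAMPLE" | next_free_id 500 8000

# On a live system (covers LDAP/NIS entries when nsswitch enumerates them):
#   NEWUID=$(getent passwd | next_free_id 500 8000) || echo "UID range full" >&2
#   NEWGID=$(getent group  | next_free_id 500 8000) || echo "GID range full" >&2
```
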