[CentOS] useradd -r doesn't work right in some contexts

Thu Apr 28 20:46:43 UTC 2016
Florin Andrei <florin at andrei.myip.org>

"useradd -r testuser" run as root from an interactive ssh session does 
the right thing: it creates a user account with a UID in the system 
users range (< 400).

Running the same command as a cron job (just for testing), also does the 
right thing.

Now I'm trying to accomplish the same result via chef-client. I'm trying 
to run "useradd -r" as a simple command, as a bash command, or as a 
script, from chef-client. It does create the user account, but the UID 
is in the normal range (> 600), not the system range.

It can't be a Chef bug, because it is actually running 
"/usr/sbin/useradd -r username", I'm not using the Chef user resource 
(although I've tried that with "system true" and it also fails to put 
the UID in the correct range). There's something about the context where 
chef-client is running that triggers different results. BTW, chef-client 
is running as a service via /etc/init.d/chef-client

Adding SYS_UID_MAX to /etc/login.defs doesn't help.

Any clue what's going on? Why useradd has different behaviors depending 
on how it's launched?

Florin Andrei