Responding to multiple messages:

On Fri, 20 Jan 2017 08:43:46 +0100
"minek van" <minek...@mail.com> wrote:
> I can see that the default users and when creating new ones have
> their UID/GUID incremented by 1. 
> 
> Could it bring more security if the UIDs/GUIDs would be random?

On Mon, 23 Jan 2017 11:51:29 -0500
andrew fabbro <and...@fabbro.org> wrote:
> The OP was just talking about changing from "last +1" to arc4random.
> Synchronizing UID/GID across servers (if you're not using a directory
> of some sort) is the same headache regardless of how you pick them.
> 
> If the OP meant every server has different, unique randomized
> UID/GIDs then that's a separate craziness.

I can see this randomisation making systems management a bit more
difficult as a non-random GUID/UID setup can be used to do things like:

GID 0 = wheel
GID 1-999 = privsep users, daemons, system
GID 1000-32765 = ordinary logins
GID 32766 = nogroup
GID 32767 = nobody

Because the separation is clear and not so random, you can also set up
GIDs/UIDs (1000-32765) permanently across a site where they need to be
static, in the case of logged-in users. Very necessary for backups.

However, the users 1-999 may change depending on what order you install
packages in.

OpenBSD still randomizes PIDs, but I don't see the point these days:
https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961
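An added example, not part of the original message: a Python check for the site-wide consistency described above. It compares passwd data from two hosts and reports accounts in the ordinary-login range (1000-32765) whose IDs differ, while ignoring drift in the 1-999 daemon range. The host data is constructed and the function names are hypothetical.

```python
# Added example: constructed passwd(5) data, hypothetical function names.
LOGIN_RANGE = range(1000, 32766)   # ordinary logins, per the layout in the message

# Constructed sample data in /etc/passwd format (name:pw:uid:gid:gecos:home:shell).
HOST_A = """\
root:*:0:0:Charlie &:/root:/bin/ksh
_ntp:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
bob:*:1001:1001:Bob:/home/bob:/bin/ksh
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
"""
HOST_B = """\
root:*:0:0:Charlie &:/root:/bin/ksh
_ntp:*:91:91:NTP Daemon:/var/empty:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
bob:*:1002:1002:Bob:/home/bob:/bin/ksh
carol:*:1001:1001:Carol:/home/carol:/bin/ksh
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
"""

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd-format text, skipping malformed lines."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        try:
            ids[fields[0]] = (int(fields[2]), int(fields[3]))
        except ValueError:
            continue
    return ids

def login_id_drift(a_text, b_text):
    """Names and UIDs in the login range that do not map the same way on both hosts."""
    a, b = parse_passwd(a_text), parse_passwd(b_text)
    in_range = lambda ids: ids[0] in LOGIN_RANGE or ids[1] in LOGIN_RANGE
    mismatched = sorted(n for n in a.keys() & b.keys()
                        if a[n] != b[n] and (in_range(a[n]) or in_range(b[n])))
    # Same numeric UID assigned to different names on the two hosts.
    by_uid_a = {ids[0]: n for n, ids in a.items() if ids[0] in LOGIN_RANGE}
    by_uid_b = {ids[0]: n for n, ids in b.items() if ids[0] in LOGIN_RANGE}
    collisions = sorted((u, by_uid_a[u], by_uid_b[u])
                        for u in by_uid_a.keys() & by_uid_b.keys()
                        if by_uid_a[u] != by_uid_b[u])
    return mismatched, collisions

if __name__ == "__main__":
    print(login_id_drift(HOST_A, HOST_B))
```

The `_ntp` difference (83 versus 91) is deliberately not reported, since it falls in the range the message says may vary with package install order.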
