Title:
Support Reserved or Excluded UID Ranges for User Allocation (for all major Linux distributions)
Description:
Currently, Linux user management tools (useradd, adduser, etc.) allocate UIDs from a continuous range defined by UID_MIN and UID_MAX in /etc/login.defs. There is no built-in mechanism to reserve or explicitly exclude subranges within this range for special-purpose users, future expansion, or unique system requirements.
This limitation can cause problems in environments where administrators need to:
- Reserve blocks of UIDs for system, service, or legacy accounts.
- Prevent accidental assignment of special UIDs (such as nobody or accounts managed by external systems).
- Safely expand the user UID space without risking collisions.
The issue becomes especially acute in server hubs, high-churn or large-scale deployments, and any scenario where UID management is critical for security, compliance, or operational stability.
Feature Request:
Expanded Benefits:
- Prevents Outages and Service Interruptions:
  In large-scale or long-lived environments, UID exhaustion or accidental overlap with special accounts can lead to critical services failing to start, new users being unable to log in, or system-level daemons (such as systemd-resolved) crashing. By allowing UID subranges to be reserved or excluded, administrators can proactively guard against these outages, reducing downtime and costly incident response.
- Enables Secure Multi-Tenancy:
  On systems hosting many tenants (e.g., shared servers, cloud platforms, universities), the ability to reserve or exclude UID ranges is critical for isolating tenants and preventing accidental privilege escalations or security breaches due to UID collisions.
- Facilitates Compliance and Policy Enforcement:
  Many regulated industries and government environments require strict account separation, auditing, and the ability to reserve UID ranges for different organizational units or purposes. Native support for reserved/excluded ranges allows organizations to meet compliance requirements (GDPR, HIPAA, PCI DSS, etc.) without fragile manual workarounds.
- Supports Automated and Scalable Infrastructure:
  Modern infrastructure relies on automation (Ansible, Puppet, Chef, Salt, cloud-init, etc.) to provision and manage accounts. Having configurable, non-contiguous UID allocation aligns with automation best practices and ensures systems remain maintainable and scalable as fleets grow into the thousands or tens of thousands of accounts.
- Improves Disaster Recovery and Migration:
  When restoring from backups, migrating users between systems, or integrating with Active Directory/LDAP, preserving UID integrity is crucial. The ability to exclude or reserve blocks of UIDs prevents data ownership confusion and supports seamless migrations, even across heterogeneous environments.
- Reduces Human Error:
  Manual tracking or “dummy user” workarounds are error-prone and not scalable. By making UID exclusions/reservations a first-class configuration, the risk of accidental reassignment or deletion is eliminated, improving reliability and administrator confidence.
- Future-Proofs Linux for Enterprise and Cloud:
  As Linux is adopted in ever-larger environments (cloud providers, hosting companies, container orchestration, etc.), UID management complexity increases. This feature would position Linux ahead of the curve, making it more attractive for enterprise and hyperscale deployments.
- Enhances Integration with Modern Identity Systems:
  Many sites use external identity providers (SSO, AD, LDAP, OAuth), which may assign UIDs in specific ranges. Having the ability to configure exclusions or allocations ensures smooth interoperability and reduces friction integrating Linux systems into modern authentication architectures.
- Community and Ecosystem Impact:
  By addressing this long-standing limitation, the Linux ecosystem sends a clear message that it is responsive to the operational needs of administrators and enterprises, encouraging broader adoption and contribution from industry.
This feature would benefit all major Linux distributions, not just Kali, and is particularly important for systems deployed at scale.
Thank you for your consideration.
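One way an administrator can approximate the requested behaviour with the existing tools, as an added example that is not part of the original request or of shadow-utils: compute the lowest unused UID between UID_MIN and UID_MAX that avoids a locally maintained exclusion list, then pass the result to `useradd -u`. The reserved-ranges file and its `START-END` format, the function names, and the lowest-free-first order are assumptions of this example.

```shell
# Added example: lowest free UID in [UID_MIN, UID_MAX] outside reserved ranges.
# RESERVED_FILE ("START-END" per line, "#" comments) is a hypothetical format,
# not a shadow-utils feature. Exit: 0 = UID printed, 1 = exhausted, 2 = bad input.
# usage: next_free_uid PASSWD_FILE LOGIN_DEFS_FILE RESERVED_FILE
next_free_uid() {
    awk '
        FILENAME == ARGV[1] {                       # passwd: record UIDs in use
            split($0, f, ":"); if (f[3] ~ /^[0-9]+$/) used[f[3] + 0] = 1; next
        }
        FILENAME == ARGV[2] {                       # login.defs: allocation bounds
            if ($1 == "UID_MIN") min = $2 + 0
            if ($1 == "UID_MAX") max = $2 + 0
            next
        }
        /^[ \t]*(#|$)/ { next }                     # reserved file: skip comments/blanks
        {
            n = split($1, r, "-")
            if (n != 2 || r[1] !~ /^[0-9]+$/ || r[2] !~ /^[0-9]+$/ || r[1] + 0 > r[2] + 0) {
                print "bad reserved range: " $0 > "/dev/stderr"; bad = 1; exit
            }
            lo[++nr] = r[1] + 0; hi[nr] = r[2] + 0
        }
        END {
            if (bad || min == "" || max == "") exit 2
            uid = min
            while (uid <= max) {
                hit = 0
                for (i = 1; i <= nr; i++)           # jump past any reserved block
                    if (uid >= lo[i] && uid <= hi[i]) { uid = hi[i] + 1; hit = 1; break }
                if (hit) continue
                if (!(uid in used)) { print uid; exit 0 }
                uid++
            }
            exit 1
        }
    ' "$1" "$2" "$3"
}

# Constructed sample data (not from a real host).
write_sample() {
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
        'bob:x:1001:1001::/home/bob:/bin/sh' > "$1/passwd"
    printf '%s\n' 'UID_MIN 1000' 'UID_MAX 1010' > "$1/login.defs"
    printf '%s\n' '# held for an external directory' '1002-1005' > "$1/reserved"
}
d=$(mktemp -d) && write_sample "$d" &&
    next_free_uid "$d/passwd" "$d/login.defs" "$d/reserved"   # prints 1006
rm -rf "$d"
```

Only UIDs present in the passwd-format file given are treated as in use, so accounts served from a directory need to be included in that input.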