system vs normal user

There is no inherent difference between system groups and 'normal' groups, just like there is none between system users and regular users. It is by convention that human users are assigned uids from a certain number (e.g. 1000) upwards, whereas system users get uids in a range below that number.
The actual uid number, apart from the special uid 0 which is reserved for root, has no meaning at all and does not convey any privileges.
We distinguish system users and regular users only because they are treated differently. For instance, there is no point in displaying system users in a graphical login manager. Also, most system users don't need a login shell or home directory, whereas human users (normally) do.
The --system option of the adduser command is no more than a convenience for the administrator, as it presets a number of options to sensible values for a 'system account'. In fact, the whole adduser command is a convenience wrapper around lower-level commands like useradd and groupadd, which in turn essentially just edit /etc/passwd and /etc/group.

That is not a technical difference but an organizational decision. E.g. it makes sense to show normal users in a login dialog (so that you can click them instead of having to type the user name), but it wouldn't make sense to show system accounts (the UIDs under which daemons and other automatic processes run) there.
Thus a boundary is defined, or rather two UID ranges, one for each of the two kinds of account. In openSUSE the file /etc/login.defs contains these lines:
# Min/max values for automatic uid selection in useradd
#
# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
# UIDs for dynamically allocated administrative and system accounts.
# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
# allocated user accounts.
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               100
SYS_UID_MAX               499
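
An added example, not part of the original post: it reads the ranges from the login.defs excerpt above, classifies accounts by UID, and flags the two cases the text singles out (a UID 0 account other than root, and a system-range account with a login shell). The passwd entries, account names and the list of non-login shells are constructed for illustration.

```python
# Constructed sample data; on a real host read /etc/login.defs and /etc/passwd.
LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               100
SYS_UID_MAX               499
"""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
bin:x:1:1:bin:/bin:/usr/sbin/nologin
haproxy:x:475:475:haproxy daemon:/var/lib/haproxy:/usr/sbin/nologin
backup:x:480:480:backup job:/var/backup:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_login_defs(text):
    """Return the numeric KEY VALUE settings, ignoring comments and blanks."""
    defs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].isdigit():
            defs[fields[0]] = int(fields[1])
    return defs

def classify(uid, defs):
    """Label a UID by convention only; just uid 0 carries real privilege."""
    if uid == 0:
        return "root"
    if defs["SYS_UID_MIN"] <= uid <= defs["SYS_UID_MAX"]:
        return "system"
    if defs["UID_MIN"] <= uid <= defs["UID_MAX"]:
        return "regular"
    return "outside-dynamic-ranges"

def audit(passwd_text, defs):
    findings = []
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        kind = classify(int(uid), defs)
        if kind == "root" and name != "root":
            findings.append((name, "uid 0 but not named root"))
        elif kind == "system" and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system-range uid with login shell " + shell))
    return findings
```

UIDs such as 1 or 500 fall in neither dynamically allocated range, so they are reported as outside-dynamic-ranges rather than forced into one of the two categories.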
