IBM AIX/UNIX system storage administration ksh/perl scripting

Wednesday, April 22, 2009

Why nobody user has -2 as uid on AIX

nobody:!:-2:-2:System Id :/:/bin/false

In the early days of Unix, when they started creating common users such as root, admin and sys, they defaulted their ids to certain numbers so they would be the same across all Unix systems. They also had to create other accounts such as nobody, and gave it the id -2, meaning that it is not a real id. (If you look at /etc/security/passwd you will see they don't actually have a password.)

They created this -2 in a 32-bit world. In 32 bits, -2 is actually the two's complement of 4294967294; they are the same number. However, some programs assumed that ids would only be positive and thus would reject the -2. Later versions of UNIX allow both -2 and 4294967294 to mean the same thing, and some programs will only accept 4294967294. That is why they have recently started to default the number to 4294967294, which, by the way, is also double the maximum number you are allowed to put into that field.

In short, -2 and 4294967294 are the same number and can be swapped back and forth at will. Why they differ between machines is probably due to the different levels of AIX they are running and when those files were made. It is also possible that some programs will change those numbers themselves. For instance, mkuser will allow you to add a user to the nobody group, and even if the nobody group is 4294967294, it will change it to -2.
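When comparing passwd files between machines, a plain text diff flags the -2 versus 4294967294 spelling as a difference even though the ids are equal. The following is an added example, not code from the original post: it normalizes uid and gid fields to unsigned 32-bit before comparing, so only real id mismatches are reported. The function names and the two host samples are constructed for illustration; only the nobody line on host A comes from the post.

```python
MASK32 = 0xFFFFFFFF  # ids are treated as 32-bit values, as described in the post

def norm_id(field):
    """Return the unsigned 32-bit value of a uid/gid field written signed or unsigned."""
    value = int(field)
    if not -(1 << 31) <= value <= MASK32:
        raise ValueError(f"id {field!r} does not fit in 32 bits")
    return value & MASK32  # -2 -> 4294967294, positive values unchanged

def as_signed(value):
    """Return the signed 32-bit spelling of an unsigned id (4294967294 -> -2)."""
    return value - (1 << 32) if value >= (1 << 31) else value

def parse_passwd(text):
    """Map user name -> (uid, gid), both normalized to unsigned 32-bit."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = (norm_id(fields[2]), norm_id(fields[3]))
    return users

def real_mismatches(passwd_a, passwd_b):
    """Users present in both files whose ids still differ after normalization."""
    a, b = parse_passwd(passwd_a), parse_passwd(passwd_b)
    return sorted(name for name in a.keys() & b.keys() if a[name] != b[name])

# Constructed sample data: host A uses the signed spelling, host B the unsigned one.
HOST_A = """nobody:!:-2:-2:System Id :/:/bin/false
lpd:!:9:4294967294::/:
appuser:!:205:1::/home/appuser:/usr/bin/ksh
"""
HOST_B = """nobody:!:4294967294:4294967294:System Id :/:/bin/false
lpd:!:9:-2::/:
appuser:!:206:1::/home/appuser:/usr/bin/ksh
"""

if __name__ == "__main__":
    # Only appuser is reported; nobody and lpd differ in spelling, not in value.
    print(real_mismatches(HOST_A, HOST_B))
```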