1. 0 → The `root` super-user
2. 65534 → The `nobody` UID, also called the "overflow" UID or similar. It's
- where various subsystems map unmappable users to, for example NFS or user
- namespacing. (The latter can be changed with a sysctl during runtime, but
- that's not supported on `systemd`. If you do change it you void your
- warranty.) Because Fedora is a bit confused the `nobody` user is called
- `nfsnobody` there (and they have a different `nobody` user at UID 99). I
- hope this will be corrected eventually though. (Also, some distributions
- call the `nobody` group `nogroup`. I wish they didn't.)
+ where various subsystems map unmappable users to, for example file systems
+ only supporting 16bit UIDs, NFS or user namespacing. (The latter can be
+ changed with a sysctl during runtime, but that's not supported on
+ `systemd`. If you do change it you void your warranty.) Because Fedora is a
+ bit confused the `nobody` user is called `nfsnobody` there (and they have a
+ different `nobody` user at UID 99). I hope this will be corrected eventually
+ though. (Also, some distributions call the `nobody` group `nogroup`. I wish
+ they didn't.)
3. 4294967295, aka "32bit `(uid_t) -1`" → This UID is not a valid user ID, as
- setresuid(), chown() and friends treat -1 as a special request to not change
- the UID of the process/file. This UID is hence not available for assignment
- to users in the user database.
+ `setresuid()`, `chown()` and friends treat -1 as a special request to not
+ change the UID of the process/file. This UID is hence not available for
+ assignment to users in the user database.
-4. 65535, aka "16bit `(uid_t) -1`" → Once upon a time `uid_t` used to be 16bit, and
- programs compiled for that would hence assume that `(uid_t) -1` is 65535. This
- UID is hence not usable either.
+4. 65535, aka "16bit `(uid_t) -1`" → Before Linux kernel 2.4 `uid_t` used to be
+ 16bit, and programs compiled for that would hence assume that `(uid_t) -1`
+ is 65535. This UID is hence not usable either.
The `nss-systemd` glibc NSS module will synthesize user database records for
the UIDs 0 and 65534 if the system user database doesn't list them. This means