Changing UID prevents login

Using OpenSUSE 42.1 Leap for the first time. I installed with all defaults, creating a user “bob” during the process. All OK - reboot and login also OK.
My network has quite a few Linux boxes, and all have common users with common UIDs (No NIS). If I change my user bob’s UID to 500 (conforming to my network), this user can no longer login, the login screen displays no username (so I cannot select root) and accepts no known passwords. Changing the UID in /etc/passwd back to 1000 does not cure this, neither does (at an ssh terminal) deleting and re-creating the user (although the new user can then login to a terminal, but not via the login screen). So far only a new install repairs things. I really need to have UIDs in this range (otherwise a large amount of work).
Any reason for this?

Cheers,

Bob

How did you change the UID? You do not tell and we can not tell you where you did things wrong when we have no idea what you did.
In any case, it is not only in /etc/passwd, but e.g. also in /etc/shadow.

I would advise YaST to do this.

Also the boundary between “system” UIDs and “normal” UIDs is at 1000. When you want to change that, again I guess that YaST > Security and users > Users is the place to go.

Sorry, forgot to say that the UID was changed to 500 using the YAST users and groups tool.
The UID is in /etc/passwd and not in /etc/shadow.
The ‘boundary’ at 1000 is not mandated and many linux systems use other values (e.g. 500).
A change back after the first one is not possible using YAST as there is no way to login graphically (for any user).

Bob

Ok, then check if it is not only correct in /etc/passwd, but also in /etc/shadow.

And check for that boundary at 1000, to change to 500.

In my 31.1 system (and it is in Dutch, thus the items may have a different wording):
YaST > Security and Users > Security Center and Hardening. Then User Addition. There you can change the minimum.

Err Henk, the /etc/shadow file does not contain the UID the fields are (from the man page):
login name

encrypted password**
date of last password change****
minimum password age****
maximum password age****
password warning period****
password inactivity period****
account expiration date****
reserved field

I have used opensuse since v10 (I think) and have never needed to adjust the ‘minimum user ID’ (and see no reason to do it now) this merely sets defaults for the gui AFAIK. Anyway correcting the /etc/passwd should fix it (but doesn’t). This is (for me) clearly a bug in the login manager.
Cheers,

Bob
**

You are correct. The shadowfile depends on the username.

When you think it is the login pag, then try another. E.g. the CLI rules out all the silly GUI additions.

Did you change the ownership of all thje files the user has? UID 500 will not be able to use it’s own home directory when not.

BTW I am going on a holiday. And packing last things. Thus sorry for my first lousy assessment. But as you did not tell what you did, a lot of possibilities come to mind and I jumped on the wrong one.

Yes Henk, login over a cli works fine, it’s ‘just’ the GUI that is the problem.
Well you are right, I did miss some information, but thanks for your comments.
Anyway, have a really good holiday.
Till later,

Bob

You can set the minimum ID for users to be shown on SDDM’s login screen in KDE’s settings (systemsettings5, “Configure Desktop”)->Startup and Shutdown->Login Screen (SDDM), or directly in /etc/sddm.conf (option “MinimumUid”).

The default is 1000 (which is the system default for new users too), so only users with an id >= 1000 will be displayed.

You can also switch to a different theme that allows to input the user name, if you want to.

Thanks Wolfi323,
this behaviour was unexpected (to me) as previous versions of OpenSUSE did not exhibit it.
I’ll try changing /etc/sddm.conf tonight.

Cheers,

Bob von Knobloch

That only depends on the used displaymanager.
KDM does have a similar setting, but it’s (still) set to 500 (or 0) by default apparently.

Other DMs than KDM started to not display users with id below 1000 too, in previous openSUSE versions already. And the default minimum UID for new users is 1000 since years.

OK, the default appears to have been KDM in previous versions, so I have not noticed it before.
I know 1000 is now recommended but, as above, I have a networked system going back to when 500 was the ‘norm’. To change this I would need to modify 100s of thousands of files on many computers (and the zip/tar backups would also be tricky).
What I do think is poor is that the DM did not offer me at least root login.
Without your information, that would mean a fresh install.
Cheers,

Bob von Knobloch

In a KDE installation, yes. GNOME used gdm of course, and so on.

What I do think is poor is that the DM did not offer me at least root login.

That’s also disabled in KDM by default, and even more frowned upon.

SDDM doesn’t treat root any special, it’s just not shown because MinimumUID=1000, and root has an UID of 0…

23 May 2016
This behavior frustrated me terribly, too - for the same reason, I need always to have UID 503. I never would have found any solution without this interchange here. But please note: just addling a line “MinimumUid=<…>” to /etc/sddm.conf did not work for me. I had to change it in the Startup and Shutdown–> LoginScreen window.
==Mel Strom

It does work, but you need to add it at the right place, in the “[Users]” section. See “man sddm.conf”.
If there is no “[Users]” section, you have to add that too.

The systemsettings5 config module takes care of that of course.