Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Why the requirement for group id >= 1000?
In various places people have had to discover, and workaround the fact that the 1Password Browser-Helper and CLI not only require being in a specific group (fine), and have setgid set (also fine), but the gid of that group must by greater or equal to 1000 for the integration to work:
- Arch: Can not connect to desktop app | 1Password Community
- Gentoo: [SOLVED] Browser support error on Gentoo Linux | 1Password Community
- NixOS: https://github.com/NixOS/nixpkgs/commit/2a58907251af76c67c6d14c1e84e73f7eaeb95e8
I've been working on a distro package for a Linux distribution I'm building and also had to discover this. As per the previous implementation in the AUR, my package uses systemd-sysusers to automatically manage users and groups required by packages. By default these automatically assigned gids are less than 1000, which causes the browser integration to fail. I can work around by hard-coding a gid, but it would be better if it just worked with the automatically assigned one.
I'm wondering what's the reason for the >= 1000 requirement, and can the need for it be removed to make packaging simpler, cleaner, and consistent with other packages that need specific users and groups.
1 Reply
There is a de facto standard for Linux and some other unix platforms for the IDs for users and groups by which human users have UIDs and GIDs starting at 1000. Look for `UID_MIN` and `GID_MIN` in useradd(8) and groupadd(8).
Note that this is distinct from the reserved or built-in system UIDs and GIDs, which are traditionally below 101.After writing that, I see that systemd-sysusers(8) references Users, Groups, UIDs and GIDs on systemd Systems.
