Unix UID/GID Assignment with the JumpCloud Agent

A User ID (UID) is a unique value that a Unix operating system assigns to each user. The device identifies each user by UID; usernames are generally used only as an interface for humans. The UID, the group identifier (GID), and other POSIX access control criteria determine which device resources a user can access. The JumpCloud Agent provides a method for manually assigning UID and GID information for users within the JumpCloud Admin Portal.

Considerations

UID and GID management for users doesn't resolve conflicts when a UID or GID already exists on a device. This functionality expects that any existing UID and GID assignments on the device are known and that a unique identifier is provided in the JumpCloud configuration.

Duplicate UIDs/GIDs in JumpCloud

Admins should be aware of the following regarding duplicate (non-unique) UID/GID entries in JumpCloud:

  • Duplicate UID/GID values are generally not recommended.
  • A variety of problems can result from duplicate UID/GIDs, such as a failure to bind users to devices.
  • Duplicate entries are not the same as UID/GID conflicts, which appear as configuration alerts. See Understand Alerts to learn more.

Note: JumpCloud doesn’t prevent you from creating duplicate UID/GID values and won’t give a warning when you create duplicate values.

Where to Find Unix UID/GID

UIDs are stored, along with their corresponding usernames and other user-specific information, in the /etc/passwd file, which can be read with the cat command:

cat /etc/passwd

In the /etc/passwd file, the third field contains the UID and the fourth field contains the GID, which by default is equal to the UID for all ordinary users. UIDs are also stored in the inodes of the Unix file system, running processes, tar archives, and the now-obsolete Network Information Service. 

In POSIX-compliant environments, the id command prints the current user's UID along with the username, primary user group, and group identifier.
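The Considerations section expects existing UID and GID assignments on a device to be known before values are entered in JumpCloud. The following shell script is an added example, not JumpCloud code: it reads the third field of passwd- and group-format files to report which names already hold a planned ID and which IDs are shared. The function names, the user carol, and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find UIDs/GIDs already present on a device before entering
# values in the JumpCloud Admin Portal. Function names are hypothetical.

# id_conflicts FILE NAME ID
# FILE is passwd- or group-format (ID is the third colon-separated field in
# both). Prints the names, other than NAME, that already hold ID and returns 1
# if there are any; prints nothing and returns 0 if ID is free or held by NAME.
id_conflicts() {
    awk -F: -v name="$2" -v id="$3" '
        /^#/ || NF < 3 { next }                 # skip comments and short lines
        $3 == id && $1 != name { out = out (out ? "," : "") $1 }
        END { if (out) { print out; exit 1 } }' "$1"
}

# duplicate_ids FILE
# Prints "ID:name1,name2" for every ID shared by more than one entry.
duplicate_ids() {
    awk -F: '
        /^#/ || NF < 3 { next }
        { count[$3]++; names[$3] = names[$3] (names[$3] ? "," : "") $1 }
        END { for (id in count) if (count[id] > 1) print id ":" names[id] }' "$1" |
        sort -n
}

# Constructed sample data standing in for /etc/passwd and /etc/group.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc-backup:x:1002:2000:Backup:/var/backup:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
alice:x:1001:
backup:x:2000:svc-backup
EOF

# Planned values for user "carol": UID 1001 (constructed).
if owners=$(id_conflicts "$SAMPLE_DIR/passwd" carol 1001); then
    echo "UID 1001 is free for carol"
else
    echo "UID 1001 already belongs to: $owners"
fi
echo "Duplicate UIDs on this device: $(duplicate_ids "$SAMPLE_DIR/passwd")"
```

On a real device, pass /etc/passwd and /etc/group as the FILE argument instead of the sample files.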

Enabling UID/GID Management

To enable UID/GID management for users:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. In the left-hand navigation panel, click Settings.
  3. Under Security > UID/GID Management, click Enable/Disable UID/GID management for users.
  4. Click Save if these are your only changes.

Configuring UID/GID Values for Users

With the global setting configured, you can granularly configure users to enforce UID/GID consistency for all devices they are connected to in JumpCloud.

To enforce UID/GID consistency for a user:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. In the left menu, click USER MANAGEMENT > Users.
  3. To enforce UID/GID consistency on all devices for a new user:
    1. Click ( + ) to create a new user.
    2. Enter the user information.
    3. Click User Security Settings and Permissions.
    4. Select Enforce UID/GID consistency for all devices.
    5. Enter values in the Unix UID and Unix GID fields for the respective user.
    6. Click save user.

To enforce UID/GID consistency on all devices for an existing user, select the existing user that you would like to associate a UID/GID with. Then, follow sub-steps 3 through 6 of step 3 in the previous procedure.

Configuring GID Values for Groups

With the global setting configured, you can associate a Linux group name and GID with JumpCloud User Groups. Any member of such a group inherits the GID when devices are bound for access to that group.

To configure GID values for a group of users:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. In the left menu, click USER MANAGEMENT > User Groups.
  3. To associate a Linux group name and GID with a new user group:
    • Click ( + ), then select Create Group of Users.
    • Name the new user group.
    • Select Create Linux group for this user group.
    • Enter the desired values in the GROUP NAME and GROUP GID fields. 
    • Click save group or continue assigning Devices, Applications, and other resources to the user group. 

To associate a Linux group name and GID with an existing user group, select the desired group of users. Then, follow the steps in the previous procedure. 
