Feature: Ability to modify the UID and GID of users / groups created by authd

[callanova]

Is there an existing request for this feature?

• I have searched the existing issues and found none that matched mine

Describe the feature

Currently, authd creates a random UID and GID for any users / groups it creates.
For example, during first authentication, [email protected] creates a UID of 1021432359 and a GID of 1021432359.
We have a workflow that requires a user's UID and GID to be set to a specific value like 1001.
usermod and groupmod don't allow us to modify the UID and GID of [email protected] because, the user and group don't exist in /etc/passwd and /etc/group respectively.
It would be great if there was a way to modify a UID and GID for users / groups created by authd.

Describe the ideal solution

A CLI cmd that can manage and modify /var/cache/authd/auth.db allowing us the ability to update the UID and GID for users / groups created by authd.

Alternatives and current workarounds

Use a non-authd account.

System information and logs

Environment

• broker version: please run snap info authd-msentraid

name:      authd-msentraid
summary:   MSEntra ID broker for authd
publisher: Canonical✓
store-url: https://snapcraft.io/authd-msentraid
license:   GPL-3.0
description: |
  This is the MS Entra ID broker snap for authd  to provide MS Entra ID OIDC based authentication on
  Ubuntu with authd.
services:
  authd-msentraid: simple, enabled, active
snap-id:      vS3oJLMss6lgWwoFcPqYDUA2HB20I1Dc
tracking:     0.x/edge
refresh-date: yesterday at 18:11 PST
channels:
  0.x/stable:    0.1+4fe9826.0f76acc 2024-10-02 (51) 18MB -
  0.x/candidate: ↑
  0.x/beta:      ↑
  0.x/edge:      0.1+a94565a.ed309a2 2024-11-12 (69) 18MB -
installed:       0.1+3c70d4e.048f86b            (67) 18MB -

• authd version: please run /usr/libexec/authd version

authd   0.3.6

• gnome shell version: please run apt policy gnome-shell

gnome-shell:
  Installed: 46.3.1-1ubuntu1~24.04.1authd2
  Candidate: 46.3.1-1ubuntu1~24.04.1authd2
  Version table:
 *** 46.3.1-1ubuntu1~24.04.1authd2 500
        500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
     46.0-0ubuntu6~24.04.5 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
     46.0-0ubuntu6~24.04.3 500
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
     46.0-0ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages

• Distribution: (NAME in /etc/os-release)

"Ubuntu"

• Distribution version: (VERSION_ID on /etc/os-release):

24.04

Log files

Please redact/remove sensitive information:

Authd entries:

journalctl -u authd.service

N/A

MS Entra ID broker entries:

journalctl -u snap.authd-msentraid.authd-msentraid.service

N/A

Application settings

Please redact/remove sensitive information:

Broker configuration:

cat /var/snap/authd-msentraid/current/broker.conf

[oidc]
issuer = https://login.microsoftonline.com/TENANT_ID/v2.0
client_id = CLIENT_ID

[users]
# The directory where the home directory will be created for new users.
# Existing users will keep their current directory.
# The user home directory will be created in the format of {home_base_dir}/{username}
home_base_dir = /home

# The username suffixes that are allowed to login via ssh without existing previously in the system.
# The suffixes must be separated by commas.
ssh_allowed_suffixes = @company.com

Broker authd configuration:

cat /etc/authd/brokers.d/msentraid.conf

# This section is used by authd to identify and communicate with the broker.
# It should not be edited.
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID

Relevant information

N/A

Double check your logs

• I have redacted any sensitive information from the logs

[adombeck]

That's something we could support in the command-line tool which we plan to implement at some point.