putpwent doesn't support full 2^32 range for UID/GID
The Linux kernel has supposedly supported UID/GID values up to 2^32 (4,294,967,296) since 2001. However, the Alpine version of putpwent only seems to support up to 2,147,483,647. This causes shadow’s useradd, usermod, and groupmod modules to create unusable user accounts when provided with larger values.
For example, given:
test.c:
<code class="c">
#include <stdio.h>
#include <pwd.h>
int main()
{
struct passwd pw =
{
.pw_name = "test",
.pw_passwd = "x",
.pw_uid = 2147483648,
.pw_gid = 100,
.pw_gecos = "",
.pw_dir = "/",
.pw_shell = "/sbin/nologin"
};
FILE* file = fopen("/etc/passwd", "a");
return putpwent(&pw, file);
}
</code>
Shell:
<code class="bash">
sudo docker run -it --rm alpine /bin/sh
apk update
apk add --no-cache build-base nano
cd /tmp
nano test.c
gcc test.c -o test
./test
tail -1 /etc/passwd
id test
</code>
Outputs:
<code class="text">
test:x:-2147483648:100::/:/sbin/nologin
id: unknown user test
</code>
However, manually updating the UID in ‘/etc/passwd’ resolves the issue as mentioned here: https://stackoverflow.com/q/41807026/1409101
My particular use case is running on my Synology NAS, which seems to create all joined Active Directory users/groups with very high UID values. When I try to run the lsiobase/alpine Docker container (which relies on shadow) as one of my Active Directory users, it fails. This issue does not occur with the `ubuntu` or `lsiobase\ubuntu` images so I assume it is specific to Alpine, though I could certainly be missing something.
References:
- https://github.com/linuxserver/docker-baseimage-alpine/issues/39
- https://github.com/shadow-maint/shadow/issues/165
(from redmine: issue id 10460, created on 2019-05-16)