“useradd -r testuser” run as root from an interactive SSH session does the right thing: it creates a user account with a UID in the system users range (< 400). Running the same command as a cron job (just for testing), also does the right thing. Now I’m trying to accomplish the same result via chef-client. I’m trying to run “useradd -r” as a simple command, as a bash command, or as a script, from chef-client. It does create the user account, but the UID is in the normal range (> 600), not the system range.

It can’t be a Chef bug, because it is actually running
“/usr/sbin/useradd -r username”, I’m not using the Chef user resource
(although I’ve tried that with “system true” and it also fails to put the UID in the correct range). There’s something about the context where chef-client is running that triggers different results. BTW, chef-client is running as a service via /etc/init.d/chef-client

Adding SYS_UID_MAX to /etc/login.defs doesn’t help.

Any clue what’s going on? Why useradd has different behaviors depending on how it’s launched?