In order to prevent UID conflicts when you have multiple instances that share a network filesystem (e.g. NFS), ssm-agent should create the ssm-user in the SYS_UID_MIN-SYS_UID_MAX range as defined in /etc/login.defs.
Use case: I have a multi-user system that shares NFS (EFS) storage. NFS requires that UIDs match for file/directory access. Users are created on an ad-hoc basis using scripts where a script checks a master list for the next available UID and then sets up accounts on the NFS client instances. However, if the ssm-agent login has been invoked for the first time on the instance, it will take the next available user ID and therefore cause UID conflicts when I attempt to add another user to that system.
124 suggests pre-creating the ssm account and /etc/sudoers.d entry. While that could work, it requires additional setup/overhead for installing the ssm-agent, which is otherwise pretty simple.
Please consider either setting up the ssm-user as a "system" user or else providing another way to pre-specify the UID / GID for that account.
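An added example, not part of the original issue or of the ssm-agent project: a shell check that reports whether ssm-user on an instance has a UID inside the SYS_UID_MIN-SYS_UID_MAX range read from /etc/login.defs. The function names and the fallback values 101 and 999 (used when login.defs does not set the keys) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit where an account's UID sits relative to the system-UID
# range, so that an auto-created ssm-user cannot silently take a UID that a
# central allocation list expects to hand out to a regular user.

# Read a numeric key (e.g. SYS_UID_MIN) from a login.defs-style file.
# Commented-out or missing keys fall back to the supplied default.
login_defs_value() {  # usage: login_defs_value KEY FILE DEFAULT
    val=$(awk -v k="$1" '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { print v }' \
        "$2" 2>/dev/null) || val=
    echo "${val:-$3}"
}

# Look up a user's UID in a passwd-format file (empty output if no such user).
passwd_uid() {  # usage: passwd_uid USER FILE
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2" 2>/dev/null
}

# Print "absent", "system" (UID inside SYS_UID_MIN..SYS_UID_MAX) or
# "outside-system-range" (UID competes with centrally allocated user UIDs).
classify_user() {  # usage: classify_user USER PASSWD_FILE LOGIN_DEFS_FILE
    uid=$(passwd_uid "$1" "$2")
    [ -n "$uid" ] || { echo absent; return 0; }
    lo=$(login_defs_value SYS_UID_MIN "$3" 101)   # assumed fallback
    hi=$(login_defs_value SYS_UID_MAX "$3" 999)   # assumed fallback
    if [ "$uid" -ge "$lo" ] && [ "$uid" -le "$hi" ]; then
        echo system
    else
        echo outside-system-range
    fi
}

# Report for the local instance. "absent" means the account has not been
# created yet, so it can still be pre-created in the system range, e.g. with
#   useradd --system --create-home ssm-user
echo "ssm-user: $(classify_user ssm-user /etc/passwd /etc/login.defs)"
```

Run across the NFS client instances, an `outside-system-range` result marks the hosts where the account's UID has to be reconciled with the master UID list.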