Within the GID range allocated for system users we have some odd variation that some UIDs are allocated backwards and some upwards, this needs to be investigated further, see https://phabricator.wikimedia.org/T235067#5562514 for the findings related to debmonitor (which also apply to others like systemd-coredump or prometheus-node-exporter)
|Open||None||T235161 Improve management of users/groups on servers in production|
|Open||None||T235163 Investigate GID allocation for system users|
The old system users which were created outside the 100-499 range still need to be cleaned up, otherwise we'll carry this technical debt for a few more years. Most of that is caused by debdeploy, and I'll roll out 0.3.0 in a way that I delete the system user with Cumin and then deploy the new debdeploy (which will re-create the sysusers in the correct range).