subuid(5) — Linux manual page

NAME | DESCRIPTION | LOCAL SUBORDINATE DELEGATION | FILES | SEE ALSO | COLOPHON

SUBUID(5)            File Formats and Configuration            SUBUID(5)

NAME         top

       subuid - the configuration for subordinate user ids

DESCRIPTION         top

       Subuid authorizes a user id to map ranges of user ids from its
       namespace into child namespaces.

       The delegation of the subordinate uids can be configured via the
       subid field in /etc/nsswitch.conf file. Only one value can be set
       as the delegation source. Setting this field to files configures
       the delegation of uids to /etc/subuid. Setting any other value
       treats the delegation as a plugin following with a name of the
       form libsubid_$value.so. If the value or plugin is missing, then
       the subordinate uid delegation falls back to files.

       Note, that useradd will only create entries in /etc/subuid if
       subid delegation is managed via subid files.

LOCAL SUBORDINATE DELEGATION         top

       Each line in /etc/subuid contains a user name and a range of
       subordinate user ids that user is allowed to use. This is
       specified with three fields delimited by colons (“:”). These
       fields are:

       •   login name or UID

       •   numerical subordinate user ID

       •   numerical subordinate user ID count

       This file specifies the user IDs that ordinary users can use,
       with the newuidmap command, to configure uid mapping in a user
       namespace.

       Multiple ranges may be specified per user.

       When large number of entries (10000-100000 or more) are defined
       in /etc/subuid, parsing performance penalty will become
       noticeable. In this case it is recommended to use UIDs instead of
       login names. Benchmarks have shown speed-ups up to 20x.

FILES         top

       /etc/subuid
           Per user subordinate user IDs.

       /etc/subuid-
           Backup file for /etc/subuid.

SEE ALSO         top

       login.defs(5), newgidmap(1), newuidmap(1), newusers(8),
       subgid(5), useradd(8), userdel(8), usermod(8),
       user_namespaces(7).

COLOPHON         top

       This page is part of the shadow-utils (utilities for managing
       accounts and shadow password files) project.  Information about
       the project can be found at 
       ⟨https://github.com/shadow-maint/shadow⟩.  If you have a bug
       report for this manual page, send it to
       pkg-shadow-devel@alioth-lists.debian.net.  This page was obtained
       from the project's upstream Git repository
       ⟨https://github.com/shadow-maint/shadow⟩ on 2023-12-22.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2023-12-15.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

shadow-utils 4.11.1            12/22/2023                      SUBUID(5)

Pages that refer to this page: getsubids(1)newuidmap(1)unshare(1)nsswitch.conf(5)subgid(5)user_namespaces(7)newusers(8)useradd(8)userdel(8)usermod(8)