subgid(5) — Linux manual page


SUBGID(5)            File Formats and Configuration            SUBGID(5)

NAME

       subgid - the configuration for subordinate group ids

DESCRIPTION

       Subgid authorizes a group id to map ranges of group ids from its
       namespace into child namespaces.

       The delegation of the subordinate gids can be configured via the
       subid field in the /etc/nsswitch.conf file. Only one value can be
       set as the delegation source. Setting this field to files
       configures the delegation of gids to /etc/subgid. Setting any
       other value treats the delegation as a plugin with a name of the
       form libsubid_$value.so. If the value or plugin is missing, then
       the subordinate gid delegation falls back to files.

       Note that groupadd will only create entries in /etc/subgid if
       subid delegation is managed via subid files.

LOCAL SUBORDINATE DELEGATION

       Each line in /etc/subgid contains a user name and a range of
       subordinate group ids that user is allowed to use. This is
       specified with three fields delimited by colons (“:”). These
       fields are:

       •   login name or UID

       •   numerical subordinate group ID

       •   numerical subordinate group ID count

       This file specifies the group IDs that ordinary users can use,
       with the newgidmap command, to configure gid mapping in a user
       namespace.

       Multiple ranges may be specified per user.

       When a large number of entries (10000-100000 or more) is defined
       in /etc/subgid, the parsing performance penalty becomes
       noticeable. In this case it is recommended to use UIDs instead of
       login names. Benchmarks have shown speed-ups up to 20x.
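
       The following is an added example, not part of the shadow-utils
       manual or code: a small auditor for the three-field format above
       that reports malformed lines and ranges granted to different
       owners that share group IDs, since such owners could map the same
       gids into their namespaces. The sample data is constructed, and
       owners are compared as literal strings (a login name and its UID
       are treated as different owners), which is an assumption of this
       sketch.

```python
import re
from collections import namedtuple

Range = namedtuple("Range", "owner start count lineno")
NUMERIC = re.compile(r"[0-9]+")

# Constructed sample in /etc/subgid format (not taken from a real system).
SAMPLE = """\
alice:100000:65536
1001:165536:65536
alice:300000:1000
bob:165000:1000
carol:notanumber:10
dave:400000
"""

def parse_subgid(text):
    """Parse subgid(5) content; return (ranges, errors)."""
    ranges, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue  # this sketch skips blank lines
        fields = line.split(":")
        if len(fields) != 3 or not fields[0]:
            errors.append((lineno, "expected owner:start:count"))
            continue
        owner, start, count = fields
        if not (NUMERIC.fullmatch(start) and NUMERIC.fullmatch(count)):
            errors.append((lineno, "start and count must be numerical"))
            continue
        ranges.append(Range(owner, int(start), int(count), lineno))
    return ranges, errors

def find_overlaps(ranges):
    """Return pairs of ranges with different owners sharing at least one gid."""
    overlaps = []
    ordered = sorted(ranges, key=lambda r: r.start)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start >= a.start + a.count:
                break  # sorted by start: nothing later can overlap a
            if a.owner != b.owner:  # multiple ranges per owner are allowed
                overlaps.append((a, b))
    return overlaps

if __name__ == "__main__":
    parsed, bad = parse_subgid(SAMPLE)
    for a, b in find_overlaps(parsed):
        print(f"overlap: line {a.lineno} ({a.owner}) and line {b.lineno} ({b.owner})")
    for lineno, why in bad:
        print(f"malformed line {lineno}: {why}")
```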

FILES

       /etc/subgid
           Per user subordinate group IDs.

       /etc/subgid-
           Backup file for /etc/subgid.

SEE ALSO

       login.defs(5), newgidmap(1), newuidmap(1), newusers(8),
       subuid(5), useradd(8), userdel(8), usermod(8),
       user_namespaces(7).

COLOPHON

       This page is part of the shadow-utils (utilities for managing
       accounts and shadow password files) project.  Information about
       the project can be found at 
       ⟨https://github.com/shadow-maint/shadow⟩.  If you have a bug
       report for this manual page, send it to
       pkg-shadow-devel@alioth-lists.debian.net.  This page was obtained
       from the project's upstream Git repository
       ⟨https://github.com/shadow-maint/shadow⟩ on 2023-12-22.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2023-12-15.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

shadow-utils 4.11.1            12/22/2023                      SUBGID(5)
