1SUBGID(5) File Formats and Configuration SUBGID(5)
2
3
4
6 subgid - the configuration for subordinate group ids
7
9 Subgid authorizes a group id to map ranges of group ids from its
10 namespace into child namespaces.
11
12 The delegation of the subordinate gids can be configured via the subid
13 field in /etc/nsswitch.conf file. Only one value can be set as the
14 delegation source. Setting this field to files configures the
15 delegation of gids to /etc/subgid. Setting any other value treats the
16 delegation as a plugin following with a name of the form
17 libsubid_$value.so. If the value or plugin is missing, then the
18 subordinate gid delegation falls back to files.
19
20 Note, that groupadd will only create entries in /etc/subgid if subid
21 delegation is managed via subid files.
22
24 Each line in /etc/subgid contains a user name and a range of
25 subordinate group ids that user is allowed to use. This is specified
26 with three fields delimited by colons (“:”). These fields are:
27
28 • login name or UID
29
30 • numerical subordinate group ID
31
32 • numerical subordinate group ID count
33
34 This file specifies the group IDs that ordinary users can use, with the
35 newgidmap command, to configure gid mapping in a user namespace.
36
37 Multiple ranges may be specified per user.
38
39 When large number of entries (10000-100000 or more) are defined in
40 /etc/subgid, parsing performance penalty will become noticeable. In
41 this case it is recommended to use UIDs instead of login names.
42 Benchmarks have shown speed-ups up to 20x.
43
45 /etc/subgid
46 Per user subordinate group IDs.
47
48 /etc/subgid-
49 Backup file for /etc/subgid.
50
52 login.defs(5), newgidmap(1), newuidmap(1), newusers(8), subuid(5),
53 useradd(8), userdel(8), usermod(8), user_namespaces(7).
54
55
56
57shadow-utils 4.12.3 11/29/2022 SUBGID(5)