1SUBUID(5) File Formats and Configuration SUBUID(5)
2
6 subuid - the configuration for subordinate user ids
7
9 Subuid authorizes a user id to map ranges of user ids from its
10 namespace into child namespaces.
11 The delegation of the subordinate uids can be configured via the subid
13 field in /etc/nsswitch.conf file. Only one value can be set as the
14 delegation source. Setting this field to files configures the
15 delegation of uids to /etc/subuid. Setting any other value treats the
16 delegation as a plugin following with a name of the form
17 libsubid_$value.so. If the value or plugin is missing, then the
18 subordinate uid delegation falls back to files.
19 Note, that useradd will only create entries in /etc/subuid if subid
21 delegation is managed via subid files.
22
24 Each line in /etc/subuid contains a user name and a range of
25 subordinate user ids that user is allowed to use. This is specified
26 with three fields delimited by colons (“:”). These fields are:
27 • login name or UID
29 • numerical subordinate user ID
31 • numerical subordinate user ID count
33 This file specifies the user IDs that ordinary users can use, with the
35 newuidmap command, to configure uid mapping in a user namespace.
36 Multiple ranges may be specified per user.
38 When large number of entries (10000-100000 or more) are defined in
40 /etc/subuid, parsing performance penalty will become noticeable. In
41 this case it is recommended to use UIDs instead of login names.
42 Benchmarks have shown speed-ups up to 20x.
43
45 /etc/subuid
46 Per user subordinate user IDs.
47 /etc/subuid-
49 Backup file for /etc/subuid.
50
52 login.defs(5), newgidmap(1), newuidmap(1), newusers(1), subgid(5),
53 useradd(8), userdel(8), usermod(8), user_namespaces(7).
54shadow-utils 4.13 03/06/2023 SUBUID(5)