Name

subuid - the configuration for subordinate user ids

Description

Subuid authorizes a user id to map ranges of user ids from its namespace into child namespaces.

The delegation of the subordinate uids can be configured via the subid field in the /etc/nsswitch.conf file. Only one value can be set as the delegation source. Setting this field to files configures the delegation of uids to /etc/subuid. Setting any other value treats the delegation as a plugin with a name of the form libsubid_$value.so. If the value or plugin is missing, then the subordinate uid delegation falls back to files.

Note that useradd will only create entries in /etc/subuid if subid delegation is managed via subid files.

Local Subordinate Delegation

Each line in /etc/subuid contains a user name and a range of subordinate user ids that user is allowed to use. This is specified with three fields delimited by colons (":"). These fields are:

• login name or UID
• numerical subordinate user ID
• numerical subordinate user ID count

This file specifies the user IDs that ordinary users can use, with the newuidmap command, to configure uid mapping in a user namespace.

Multiple ranges may be specified per user.

When a large number of entries (10000-100000 or more) are defined in /etc/subuid, the parsing performance penalty becomes noticeable. In this case it is recommended to use UIDs instead of login names. Benchmarks have shown speed-ups up to 20x.
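
The following Python code is an added example, not part of this man page or of the project's own code. It parses the three-field format described above and reports subordinate ranges that two different owners share, since an ID present in two owners' ranges can be mapped into user namespaces by both of them. The names parse_subuid, cross_owner_overlaps and SubidRange and the sample data are constructed for illustration; owners are compared as written, so a user listed once by login name and once by UID counts as two owners, and a zero count is reported as malformed by this checker's own choice.

```python
import re
from typing import NamedTuple
LINE_RE = re.compile(r"([^:\s]+):([0-9]+):([0-9]+)")  # owner:start:count

class SubidRange(NamedTuple):
    owner: str   # login name or numeric UID, exactly as written in the file
    start: int   # first subordinate user ID
    count: int   # number of IDs in the range
    @property
    def end(self) -> int:
        return self.start + self.count - 1  # last ID, inclusive

def parse_subuid(text):
    """Return (ranges, malformed); malformed holds (line number, line) pairs."""
    ranges, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.fullmatch(line.strip())
        if m and int(m.group(3)) > 0:
            ranges.append(SubidRange(m.group(1), int(m.group(2)), int(m.group(3))))
        elif line.strip():  # non-blank, but not owner:start:count with count > 0
            malformed.append((lineno, line))
    return ranges, malformed

def cross_owner_overlaps(ranges):
    """Pairs of ranges held by different owners that share at least one ID."""
    hits, ordered = [], sorted(ranges, key=lambda r: r.start)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start > a.end:
                break  # sorted by start: no later range can overlap a
            if a.owner != b.owner:
                hits.append((a, b))
    return hits

# Constructed sample, not taken from a real system.
SAMPLE = """\
alice:100000:65536
bob:165536:65536
1002:231072:65536
alice:300000:1000
carol:165000:1000
dave:abc:65536
"""

if __name__ == "__main__":
    ranges, bad = parse_subuid(SAMPLE)
    for a, b in cross_owner_overlaps(ranges):
        print(f"overlap: {a.owner} {a.start}-{a.end} / {b.owner} {b.start}-{b.end}")
    print("malformed:", bad)
```
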

Files

/etc/subuid Per user subordinate user IDs.

/etc/subuid- Backup file for /etc/subuid.

See Also

login.defs(5), newgidmap(1), newuidmap(1), newusers(8), subgid(5), useradd(8), userdel(8), usermod(8), user_namespaces(7).
