diff options
Diffstat (limited to 'man/man1/newgidmap.1')
-rw-r--r-- | man/man1/newgidmap.1 | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/man/man1/newgidmap.1 b/man/man1/newgidmap.1 new file mode 100644 index 0000000..c60cf7f --- /dev/null +++ b/man/man1/newgidmap.1 @@ -0,0 +1,100 @@ +'\" t +.\" Title: newgidmap +.\" Author: Eric Biederman +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 11/08/2022 +.\" Manual: User Commands +.\" Source: shadow-utils 4.13 +.\" Language: English +.\" +.TH "NEWGIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +newgidmap \- set the gid mapping of a user namespace +.SH "SYNOPSIS" +.HP \w'\fBnewgidmap\fR\ 'u +\fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]] +.SH "DESCRIPTION" +.PP +The +\fBnewgidmap\fR +sets +/proc/[pid]/gid_map +based on its command line arguments and the gids allowed\&. Subgid delegation can either be managed via +/etc/subgid +or through the configured NSS subid module\&. These options are mutually exclusive\&. +.PP +Note that the root group is not exempted from the requirement for a valid +/etc/subgid +entry\&. +.PP +After the pid argument, +\fBnewgidmap\fR +expects sets of 3 integers: +.PP +gid +.RS 4 +Beginning of the range of GIDs inside the user namespace\&. +.RE +.PP +lowergid +.RS 4 +Beginning of the range of GIDs outside the user namespace\&. +.RE +.PP +count +.RS 4 +Length of the ranges (both inside and outside the user namespace)\&. +.RE +.PP +\fBnewgidmap\fR +verifies that the caller is the owner of the process indicated by +\fBpid\fR +and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count) is allowed to the caller according to +/etc/subgid +before setting +/proc/[pid]/gid_map\&. +.PP +Note that newgidmap may be used only once for a given process\&. +.SH "OPTIONS" +.PP +There currently are no options to the +\fBnewgidmap\fR +command\&. +.SH "FILES" +.PP +/etc/subgid +.RS 4 +List of user\*(Aqs subordinate group IDs\&. +.RE +.PP +/proc/[pid]/gid_map +.RS 4 +Mapping of gids from one between user namespaces\&. +.RE +.SH "SEE ALSO" +.PP +\fBlogin.defs\fR(5), +\fBnewusers\fR(8), +\fBsubgid\fR(5), +\fBuseradd\fR(8), +\fBuserdel\fR(8), +\fBusermod\fR(8)\&. |