summaryrefslogtreecommitdiffstats
path: root/man/man1/newgidmap.1
diff options
context:
space:
mode:
Diffstat (limited to 'man/man1/newgidmap.1')
-rw-r--r--man/man1/newgidmap.1100
1 files changed, 100 insertions, 0 deletions
diff --git a/man/man1/newgidmap.1 b/man/man1/newgidmap.1
new file mode 100644
index 0000000..c60cf7f
--- /dev/null
+++ b/man/man1/newgidmap.1
@@ -0,0 +1,100 @@
+'\" t
+.\" Title: newgidmap
+.\" Author: Eric Biederman
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Date: 11/08/2022
+.\" Manual: User Commands
+.\" Source: shadow-utils 4.13
+.\" Language: English
+.\"
+.TH "NEWGIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+newgidmap \- set the gid mapping of a user namespace
+.SH "SYNOPSIS"
+.HP \w'\fBnewgidmap\fR\ 'u
+\fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]]
+.SH "DESCRIPTION"
+.PP
+The
+\fBnewgidmap\fR
+sets
+/proc/[pid]/gid_map
+based on its command line arguments and the gids allowed\&. Subgid delegation can either be managed via
+/etc/subgid
+or through the configured NSS subid module\&. These options are mutually exclusive\&.
+.PP
+Note that the root group is not exempted from the requirement for a valid
+/etc/subgid
+entry\&.
+.PP
+After the pid argument,
+\fBnewgidmap\fR
+expects sets of 3 integers:
+.PP
+gid
+.RS 4
+Beginning of the range of GIDs inside the user namespace\&.
+.RE
+.PP
+lowergid
+.RS 4
+Beginning of the range of GIDs outside the user namespace\&.
+.RE
+.PP
+count
+.RS 4
+Length of the ranges (both inside and outside the user namespace)\&.
+.RE
+.PP
+\fBnewgidmap\fR
+verifies that the caller is the owner of the process indicated by
+\fBpid\fR
+and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count) is allowed to the caller according to
+/etc/subgid
+before setting
+/proc/[pid]/gid_map\&.
+.PP
+Note that newgidmap may be used only once for a given process\&.
+.SH "OPTIONS"
+.PP
+There currently are no options to the
+\fBnewgidmap\fR
+command\&.
+.SH "FILES"
+.PP
+/etc/subgid
+.RS 4
+List of user\*(Aqs subordinate group IDs\&.
+.RE
+.PP
+/proc/[pid]/gid_map
+.RS 4
+Mapping of gids from one between user namespaces\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBlogin.defs\fR(5),
+\fBnewusers\fR(8),
+\fBsubgid\fR(5),
+\fBuseradd\fR(8),
+\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.