summaryrefslogtreecommitdiffstats
path: root/man/man1/newuidmap.1
diff options
context:
space:
mode:
Diffstat (limited to 'man/man1/newuidmap.1')
-rw-r--r--man/man1/newuidmap.1100
1 files changed, 100 insertions, 0 deletions
diff --git a/man/man1/newuidmap.1 b/man/man1/newuidmap.1
new file mode 100644
index 0000000..d4dda67
--- /dev/null
+++ b/man/man1/newuidmap.1
@@ -0,0 +1,100 @@
+'\" t
+.\" Title: newuidmap
+.\" Author: Eric Biederman
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Date: 11/08/2022
+.\" Manual: User Commands
+.\" Source: shadow-utils 4.13
+.\" Language: English
+.\"
+.TH "NEWUIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+newuidmap \- set the uid mapping of a user namespace
+.SH "SYNOPSIS"
+.HP \w'\fBnewuidmap\fR\ 'u
+\fBnewuidmap\fR \fIpid\fR \fIuid\fR \fIloweruid\fR \fIcount\fR [\fIuid\fR\ \fIloweruid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]]
+.SH "DESCRIPTION"
+.PP
+The
+\fBnewuidmap\fR
+sets
+/proc/[pid]/uid_map
+based on its command line arguments and the uids allowed\&. Subuid delegation can either be managed via
+/etc/subuid
+or through the configured NSS subid module\&. These options are mutually exclusive\&.
+.PP
+Note that the root user is not exempted from the requirement for a valid
+/etc/subuid
+entry\&.
+.PP
+After the pid argument,
+\fBnewuidmap\fR
+expects sets of 3 integers:
+.PP
+uid
+.RS 4
+Beginning of the range of UIDs inside the user namespace\&.
+.RE
+.PP
+loweruid
+.RS 4
+Beginning of the range of UIDs outside the user namespace\&.
+.RE
+.PP
+count
+.RS 4
+Length of the ranges (both inside and outside the user namespace)\&.
+.RE
+.PP
+\fBnewuidmap\fR
+verifies that the caller is the owner of the process indicated by
+\fBpid\fR
+and that for each of the above sets, each of the UIDs in the range [loweruid, loweruid+count) is allowed to the caller according to
+/etc/subuid
+before setting
+/proc/[pid]/uid_map\&.
+.PP
+Note that newuidmap may be used only once for a given process\&.
+.SH "OPTIONS"
+.PP
+There currently are no options to the
+\fBnewuidmap\fR
+command\&.
+.SH "FILES"
+.PP
+/etc/subuid
+.RS 4
+List of user\*(Aqs subordinate user IDs\&.
+.RE
+.PP
+/proc/[pid]/uid_map
+.RS 4
+Mapping of uids from one between user namespaces\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBlogin.defs\fR(5),
+\fBnewusers\fR(8),
+\fBsubuid\fR(5),
+\fBuseradd\fR(8),
+\fBusermod\fR(8),
+\fBuserdel\fR(8)\&.