'\" t .\" Title: newgidmap .\" Author: Eric Biederman .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 02/07/2024 .\" Manual: User Commands .\" Source: shadow-utils 4.16.0 .\" Language: French .\" .TH "NEWGIDMAP" "1" "02/07/2024" "shadow\-utils 4\&.16\&.0" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NOM" newgidmap \- set the gid mapping of a user namespace .SH "SYNOPSIS" .HP \w'\fBnewgidmap\fR\ 'u \fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]] .SH "DESCRIPTION" .PP The \fBnewgidmap\fR sets /proc/[pid]/gid_map based on its command line arguments and the gids allowed\&. Subgid delegation can either be managed via /etc/subgid or through the configured NSS subid module\&. These options are mutually exclusive\&. .PP Note that the root group is not exempted from the requirement for a valid /etc/subgid entry\&. .PP After the pid argument, \fBnewgidmap\fR expects sets of 3 integers: .PP gid .RS 4 Beginning of the range of GIDs inside the user namespace\&. .RE .PP lowergid .RS 4 Beginning of the range of GIDs outside the user namespace\&. .RE .PP count .RS 4 Length of the ranges (both inside and outside the user namespace)\&. .RE .PP \fBnewgidmap\fR verifies that the caller is the owner of the process indicated by \fBpid\fR and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count) is allowed to the caller according to /etc/subgid before setting /proc/[pid]/gid_map\&. .PP Note that newgidmap may be used only once for a given process\&. .PP Instead of an integer process id, the first argument may be specified as \fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory /proc/[pid]\&. In this case, \fBnewgidmap\fR will use openat(2) to open the gid_map file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&. .SH "OPTIONS" .PP There currently are no options to the \fBnewgidmap\fR command\&. .SH "FICHIERS" .PP /etc/subgid .RS 4 List of user\*(Aqs subordinate group IDs\&. .RE .PP /proc/[pid]/gid_map .RS 4 Mapping of gids from one between user namespaces\&. .RE .SH "VOIR AUSSI" .PP \fBlogin.defs\fR(5), \fBnewusers\fR(8), \fBsubgid\fR(5), \fBuseradd\fR(8), \fBuserdel\fR(8), \fBusermod\fR(8)\&.