diff options
author | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 15:18:49 +0100 |
commit | 749c1780621163ca5108f164861324bafa9e0ae8 (patch) | |
tree | 51001872624a692018c45bf39276df94b603fb19 /man/subgid.5.xml | |
parent | d906ecd3b652d95af6ffb974a2f6669501bb9496 (diff) | |
download | shadow-749c1780621163ca5108f164861324bafa9e0ae8.tar.gz |
New upstream version 4.9upstream/4.9
Diffstat (limited to 'man/subgid.5.xml')
-rw-r--r-- | man/subgid.5.xml | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/man/subgid.5.xml b/man/subgid.5.xml index 70c561c4..02f421ab 100644 --- a/man/subgid.5.xml +++ b/man/subgid.5.xml @@ -38,6 +38,11 @@ <surname>Biederman</surname> <contrib>Creation, 2013</contrib> </author> + <author> + <firstname>Iker</firstname> + <surname>Pedrosa</surname> + <contrib>Developer, 2021</contrib> + </author> </refentryinfo> <refmeta> <refentrytitle>subgid</refentrytitle> @@ -48,12 +53,37 @@ </refmeta> <refnamediv id='name'> <refname>subgid</refname> - <refpurpose>the subordinate gid file</refpurpose> + <refpurpose>the configuration for subordinate group ids</refpurpose> </refnamediv> <refsect1 id='description'> <title>DESCRIPTION</title> <para> + Subgid authorizes a group id to map ranges of group ids from its namespace + into child namespaces. + </para> + <para> + The delegation of the subordinate gids can be configured via the + <replaceable>subid</replaceable> field in + <filename>/etc/nsswitch.conf</filename> file. Only one value can be set + as the delegation source. Setting this field to + <replaceable>files</replaceable> configures the delegation of gids to + <filename>/etc/subgid</filename>. Setting any other value treats + the delegation as a plugin following with a name of the form + <replaceable>libsubid_$value.so</replaceable>. If the value or plugin is + missing, then the subordinate gid delegation falls back to + <replaceable>files</replaceable>. + </para> + <para> + Note, that <command>groupadd</command> will only create entries in + <filename>/etc/subgid</filename> if subid delegation is managed via subid + files. + </para> + </refsect1> + + <refsect1 id='local-subordinate-delegation'> + <title>LOCAL SUBORDINATE DELEGATION</title> + <para> Each line in <filename>/etc/subgid</filename> contains a user name and a range of subordinate group ids that user is allowed to use. |