On 2019-10-09 15:39, Stephen John Smoogen wrote: > On Wed, 9 Oct 2019 at 16:34, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> >> >> On 2019-10-09 14:58, Jonathan Billings wrote: >>> On Wed, Oct 09, 2019 at 02:47:19PM -0500, Valeri Galtsev wrote: >>>> Could someone enlighten me about the following file: >>>> >>>> /etc/subuid >>>> >>>> ? This file appears to be owned by "setup" package. This is CentOS 7 system, >>>> and until now these files if existed were never changed. Today I have added >>>> user quite routine way, by doing >>>> >>>> /usr/sbin/groupadd -g 4500 [username] >>>> /usr/sbin/useradd -g [username] -u 4500 -c "User Name, email at domain" >>>> [username] >>>> >>>> And the file /etc/subuid changed and user was added into it: >>>> >>>> [username]:100000:65536 >>> >>> I'm not sure what else it's used for, but /etc/subuid and /etc/subgid >>> are used by podman for rootless containers (i.e. you can run a >>> container without any root permissions). subuid/subgid is used to map >>> a range of UID/GIDs to the process namespace inside the kernel. >>> >>> Some details here: >>> >>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/index#set_up_for_rootless_containers >>> >>> It's actually pretty cool. >>> >>> So, now when accounts are created with useradd, subuids are assigned >>> to that new user. >>> >>> Unfortunately, this doesn't really work in an enterprise environment >>> when users are defined via LDAP, since no subuid/subgid entries are >>> created, but I've heard that there's an effort to make that happen in >>> the NSS layer in the future. >>> >> >> Thank you, Michael and Jonathan for your answers. >> >> I have one more question (which I probably will just answer myself by >> kickstart installing fresh new system...): >> >> Did something changed and now by default useradd command adds user in >> that file (by default without me using extra flag etc)? In other words >> is it just me or indeed the command we used since forever suddenly >> changed its behavior? >> > > I believe it is a new behavior (by about a year). This file was not in > earlier versions of RHEL because my systems only seem to have it > showing up after 2018-10 Thanks, you made me feel myself better. I create users on Linux machines routinely, I have created previous user two or three weeks ago, and the command useradd didn't behave like that. Valeri > >> Thanks again for your insights everybody. >> >> Valeri >> >>> >> >> -- >> ++++++++++++++++++++++++++++++++++++++++ >> Valeri Galtsev >> Sr System Administrator >> Department of Astronomy and Astrophysics >> Kavli Institute for Cosmological Physics >> University of Chicago >> Phone: 773-702-4247 >> ++++++++++++++++++++++++++++++++++++++++ >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > > > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++