On 2019-10-09 14:56, Mike Burger wrote: > On 2019-10-09 15:47, Valeri Galtsev wrote: >> Dear Experts, I am going to answer my own questions, sorry for using original post to reply to. I just decided to flatter myself answering what was addressed to Experts, even if it was I who did it ;-) >> >> Could someone enlighten me about the following file: >> >> /etc/subuid Thanks to everyone who pointed me to actual purpose of this file. <The rest is written by upset person who almost investigated what appeared like potential compromise, which it wasn't> Now that I tagged what I will write below, here are my findings. Until release of current "version" of CentOS 7, namely version: 7.7.1908, the following command that is part of shadow-utils package : /usr/sbin/useradd did not touch /etc/subuid file. This is true about version 4.1.5.1-25 and older. With new CentOS release shadow-utils were replaced with version 4.6.5, which has its default behavior changed, namely it does modify /etc/subuid file. And here are my problems and reasons to be upset with this change: 1. The default behavior of the command /usr/sbin/useradd has changed 2. man page for the command /usr/sbin/useradd has no mentioning of /etc/subuid; 3. there is no way to change command behavior to what it was in the past, and no options related to /etc/subuid in useradd command Incidentally, dealing with /etc/subuid was (or is it just "is?) reserved for the command /usr/sbin/usermod. And man page for usermod command has subuid in it. I am not going to discuss where (which command) dealing with /etc/subuid belongs to, keeping in mind the mood of the person who has investigated false case of compromise purely created by my system vendor. No, not system vendor, and not even upstream system vendor, the change actually actually appears to be made by the maintainer of shadow-utils (I see the same in Ubuntu system - just looked randomly into the box with different system). Thanks again to everybody who gave their insights. Valeri >> >> ? This file appears to be owned by "setup" package. This is CentOS 7 >> system, and until now these files if existed were never changed. Today >> I have added user quite routine way, by doing >> >> /usr/sbin/groupadd -g 4500 [username] >> /usr/sbin/useradd -g [username] -u 4500 -c "User Name, email at domain" >> [username] >> >> And the file /etc/subuid changed and user was added into it: >> >> [username]:100000:65536 >> >> Nothing like that was happening before. This is first time I create >> account after update done on Oct 3, 2019. I checked several CentOS 7 >> machines, basically doing this: >> >> # grep subuid /usr/sbin/useradd >> Binary file /usr/sbin/useradd matches >> >> And CentOS 7 machines indeed may have that file name in the useradd >> binary. None of CentOS 6 machines has that. >> >> I tried to do FreeBSD-ism: >> >> man /etc/subuid >> >> came empty, and realized that I'm doing FreeBSD-ism. >> >> I tried to do search on the web (did not "google", I use duckduckgo... >> so I "did search"), and came pretty much empty. >> >> Is it just me, or indeed something in CentOS 7 indeed changed? And >> what is it? >> >> Another question on the same note: how do we find out what the file is >> about and is used for in Linux, apart from searching on the web. (When >> there are surprises like the one I had today, one does like to know >> what this particular file is used for). >> >> >> Thanks in advance for your answers. > > A quick google search: > > https://lmgtfy.com/?qtype=search&q=%2Fetc%2Fsubuid > > yielded this as the first link: > > http://man7.org/linux/man-pages/man5/subuid.5.html > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++