[CentOS] What is /etc/subuid ?

Thu Oct 10 15:55:04 UTC 2019
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On 2019-10-09 14:56, Mike Burger wrote:
> On 2019-10-09 15:47, Valeri Galtsev wrote:
>> Dear Experts,

I am going to answer my own questions, sorry for using original post to 
reply to. I just decided to flatter myself answering what was addressed 
to Experts, even if it was I who did it ;-)

>> Could someone enlighten me about the following file:
>> /etc/subuid

Thanks to everyone who pointed me to actual purpose of this file.

<The rest is written by upset person who almost investigated what 
appeared like potential compromise, which it wasn't>

Now that I tagged what I will write below, here are my findings.

Until release of current "version" of CentOS 7, namely version: 
7.7.1908, the following command that is part of shadow-utils package :


did not touch /etc/subuid file. This is true about version 
and older.

With new CentOS release shadow-utils were replaced with version 4.6.5, 
which has its default behavior changed, namely it does modify 
/etc/subuid file.

And here are my problems and reasons to be upset with this change:

1. The default behavior of the command /usr/sbin/useradd has changed

2. man page for the command /usr/sbin/useradd has no mentioning of 

3. there is no way to change command behavior to what it was in the 
past, and no options related to /etc/subuid in useradd command

Incidentally, dealing with /etc/subuid was (or is it just "is?) reserved 
for the command /usr/sbin/usermod. And man page for usermod command has 
subuid in it. I am not going to discuss where (which command) dealing 
with /etc/subuid belongs to, keeping in mind the mood of the person who 
has investigated false case of compromise purely created by my system 
vendor. No, not system vendor, and not even upstream system vendor, the 
change actually actually appears to be made by the maintainer of 
shadow-utils (I see the same in Ubuntu system - just looked randomly 
into the box with different system).

Thanks again to everybody who gave their insights.


>> ? This file appears to be owned by "setup" package. This is CentOS 7
>> system, and until now these files if existed were never changed. Today
>> I have added user quite routine way, by doing
>> /usr/sbin/groupadd -g 4500 [username]
>> /usr/sbin/useradd -g [username] -u 4500 -c "User Name, email at domain" 
>> [username]
>> And the file /etc/subuid changed and user was added into it:
>> [username]:100000:65536
>> Nothing like that was happening before. This is first time I create
>> account after update done on Oct 3, 2019. I checked several CentOS 7
>> machines, basically doing this:
>>  # grep subuid /usr/sbin/useradd
>> Binary file /usr/sbin/useradd matches
>> And CentOS 7 machines indeed may have that file name in the useradd
>> binary. None of CentOS 6 machines has that.
>> I tried to do FreeBSD-ism:
>> man /etc/subuid
>> came empty, and realized that I'm doing FreeBSD-ism.
>> I tried to do search on the web (did not "google", I use duckduckgo...
>> so I "did search"), and came pretty much empty.
>> Is it just me, or indeed something in CentOS 7 indeed changed? And 
>> what is it?
>> Another question on the same note: how do we find out what the file is
>> about and is used for in Linux, apart from searching on the web. (When
>> there are surprises like the one I had today, one does like to know
>> what this particular file is used for).
>> Thanks in advance for your answers.
> A quick google search:
> https://lmgtfy.com/?qtype=search&q=%2Fetc%2Fsubuid
> yielded this as the first link:
> http://man7.org/linux/man-pages/man5/subuid.5.html

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247