'\" t .\" Title: newgidmap .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 07/27/2018 .\" Manual: User Commands .\" Source: shadow-utils 4.5 .\" Language: English .\" .TH "NEWGIDMAP" "1" "07/27/2018" "shadow\-utils 4\&.5" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" newgidmap \- set the gid mapping of a user namespace .SH "SYNOPSIS" .HP \w'\fBnewgidmap\fR\ 'u \fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]] .SH "DESCRIPTION" .PP The \fBnewgidmap\fR sets /proc/[pid]/gid_map based on its command line arguments and the gids allowed in /etc/subgid\&. Note that the root user is not exempted from the requirement for a valid /etc/subgid entry\&. .PP After the pid argument, \fBnewgidmap\fR expects sets of 3 integers: .PP gid .RS 4 Beginning of the range of GIDs inside the user namespace\&. .RE .PP lowergid .RS 4 Beginning of the range of GIDs outside the user namespace\&. .RE .PP count .RS 4 Length of the ranges (both inside and outside the user namespace)\&. .RE .PP \fBnewgidmap\fR verifies that the caller is the owner of the process indicated by \fBpid\fR and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count] is allowed to the caller according to /etc/subgid before setting /proc/[pid]/gid_map\&. .PP Note that newgidmap may be used only once for a given process\&. .SH "OPTIONS" .PP There currently are no options to the \fBnewgidmap\fR command\&. .SH "FILES" .PP /etc/subgid .RS 4 List of user\*(Aqs subordinate group IDs\&. .RE .PP /proc/[pid]/gid_map .RS 4 Mapping of gids from one between user namespaces\&. .RE .SH "SEE ALSO" .PP \fBlogin.defs\fR(5), \fBnewusers\fR(8), \fBsubgid\fR(5), \fBuseradd\fR(8), \fBuserdel\fR(8), \fBusermod\fR(8)\&.