'\" t .\" Title: newgidmap .\" Author: Eric Biederman .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 02/04/2024 .\" Manual: User Commands .\" Source: shadow-utils 4.13 .\" Language: English .\" .TH "NEWGIDMAP" "1" "02/04/2024" "shadow\-utils 4\&.13" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" newgidmap \- set the gid mapping of a user namespace .SH "SYNOPSIS" .HP \w'\fBnewgidmap\fR\ 'u \fBnewgidmap\fR \fIpid\fR \fIgid\fR \fIlowergid\fR \fIcount\fR [\fIgid\fR\ \fIlowergid\fR\ \fIcount\fR\ [\ \fI\&.\&.\&.\fR\ ]] .SH "DESCRIPTION" .PP The \fBnewgidmap\fR sets /proc/[pid]/gid_map based on its command line arguments and the gids allowed\&. Subgid delegation can either be managed via /etc/subgid or through the configured NSS subid module\&. These options are mutually exclusive\&. .PP Note that the root group is not exempted from the requirement for a valid /etc/subgid entry\&. .PP After the pid argument, \fBnewgidmap\fR expects sets of 3 integers: .PP gid .RS 4 Beginning of the range of GIDs inside the user namespace\&. .RE .PP lowergid .RS 4 Beginning of the range of GIDs outside the user namespace\&. .RE .PP count .RS 4 Length of the ranges (both inside and outside the user namespace)\&. .RE .PP \fBnewgidmap\fR verifies that the caller is the owner of the process indicated by \fBpid\fR and that for each of the above sets, each of the GIDs in the range [lowergid, lowergid+count) is allowed to the caller according to /etc/subgid before setting /proc/[pid]/gid_map\&. .PP Note that newgidmap may be used only once for a given process\&. .SH "OPTIONS" .PP There currently are no options to the \fBnewgidmap\fR command\&. .SH "FILES" .PP /etc/subgid .RS 4 List of user\*(Aqs subordinate group IDs\&. .RE .PP /proc/[pid]/gid_map .RS 4 Mapping of gids from one between user namespaces\&. .RE .SH "SEE ALSO" .PP \fBlogin.defs\fR(5), \fBnewusers\fR(8), \fBsubgid\fR(5), \fBuseradd\fR(8), \fBuserdel\fR(8), \fBusermod\fR(8)\&.