13

usermod -v (--add-sub-uids) and usermod -w (--add-sub-gids) can be used to manipulate the subuid and subgid ranges for a user account, but there appears to be no tool that can merely list them. Is there one?

At least on my Ubuntu 14.04 box getent doesn't seem to be prepared to handle that information from /etc/subuid and /etc/subgid.

Currently I am using a little shell script, using awk for the purpose.

Here's an excerpt from usermod(8):

-v, --add-sub-uids FIRST-LAST
    Add a range of subordinate uids to the users account.
[...]
-V, --del-sub-uids FIRST-LAST
    Remove a range of subordinate uids from the users account.
[...]
-w, --add-sub-gids FIRST-LAST
    Add a range of subordinate gids to the users account.
[...]
-W, --del-sub-gids FIRST-LAST
    Remove a range of subordinate gids from the users account.
[...]
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
0xC0000022L
  • 16,189
  • 24
  • 102
  • 168
  • 3
    Tool support for namespaces is lagging behind kernel support, so it wouldn't surprise me if the answer was “these tools don't exist yet” or at least “these tools haven't yet made it into most distributions”. – Gilles 'SO- stop being evil' May 11 '14 at 21:31

1 Answers1

1

For the time being, here's the shell script I've been using.

#!/bin/bash
SUBUID=/etc/subuid
SUBGID=/etc/subgid
for i in $SUBUID $SUBGID; do [[ -f "$i" ]] || { echo "ERROR: $i does not exist, but is required."; exit 1; }; done
[[ -n "$1" ]] && USERS=$1 || USERS=$(awk -F : '{x=x " " $1} END{print x}' $SUBUID)
for i in $USERS; do
        awk -F : "\$1 ~ /$i/ {printf(\"%-16s sub-UIDs: %6d..%6d (%6d)\", \$1 \",\", \$2, \$2+\$3, \$3)}" $SUBUID
        awk -F : "\$1 ~ /$i/ {printf(\", sub-GIDs: %6d..%6d (%6d)\", \$2, \$2+\$3, \$3)}" $SUBGID
        echo ""
done

Syntax:

showsubids [username]

If no username is given, all will be listed. If a username is given, only the entries for it will be shown.

Error handling is suboptimal, but if it helps someone ...

0xC0000022L
  • 16,189
  • 24
  • 102
  • 168