Bug 2179987

Summary: preallocated subordinate user/group IDs don't get honored
Product: Red Hat Enterprise Linux 9 Reporter: Iker Pedrosa <ipedrosa>
Component: shadow-utils Assignee: Iker Pedrosa <ipedrosa>
Status: CLOSED ERRATA QA Contact: Anuj Borah <aborah>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 9.0 CC: mharri, mivollme, pbrezina, sssd-qe
Target Milestone: rc Keywords: Triaged
Target Release: --- Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: shadow-utils-4.9-7.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2012929 Environment:
Last Closed: 2023-11-07 08:53:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2012929    
Bug Blocks:    

Description Iker Pedrosa 2023-03-20 14:07:13 UTC
+++ This bug was initially created as a clone of Bug #2012929 +++

Description of problem:
If a user wants to manually manage the sub[ug]id ranges before he creates the users, those changes don't get reflected in /etc/subuid and /etc/subgid.

Version-Release number of selected component (if applicable):
# rpm -qa|grep shado
shadow-utils-4.6-12.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. echo container:493216:65536 >> /etc/subuid 
   echo container:493216:65536 >> /etc/subgid 
2. useradd container 
3. cat /etc/subuid 
  container:493216:65536 
  container:558752:65536

Actual results:
I see two independent entries for the same user with different ranges. The first one is the expected one which I put manually. The second one comes from useradd and is auto generated.
According to the man page of useradd this should NOT happen:
       SUB_GID_MIN (number), SUB_GID_MAX (number), SUB_GID_COUNT (number)
           If /etc/subuid exists, the commands useradd and newusers (unless the user already have subordinate group IDs) allocate SUB_GID_COUNT unused group IDs from the range SUB_GID_MIN to SUB_GID_MAX for each new
           user.

           The default values for SUB_GID_MIN, SUB_GID_MAX, SUB_GID_COUNT are respectively 100000, 600100000 and 65536.

       SUB_UID_MIN (number), SUB_UID_MAX (number), SUB_UID_COUNT (number)
           If /etc/subuid exists, the commands useradd and newusers (unless the user already have subordinate user IDs) allocate SUB_UID_COUNT unused user IDs from the range SUB_UID_MIN to SUB_UID_MAX for each new
           user.
I want to highlight "unless the user already have subordinate group/user IDs"

Expected results:
useradd honors the predefined values in /etc/subuid, /etc/subgid and doesn't add different values for the newly created user.

Additional info:

--- Additional comment from Iker Pedrosa on 2022-12-01 12:21:25 UTC ---

master:
    useradd: check if subid range exists for user - e0524e813a3bae2891b33a66f35876841c11cee7
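
The symptom shown in step 3 of the description can be audited for on an existing host. The script below is an added example, not code from this bug report or from shadow-utils; the function names are hypothetical and the sample file is constructed from the values in step 3.

```shell
#!/bin/sh
# Added example (not from the bug report or shadow-utils): audit a
# subordinate-ID file, one "owner:start:count" entry per line, for owners
# that hold more than one range. Function names are hypothetical.

# subid_has_range OWNER FILE: exit 0 if OWNER already owns a range in FILE.
subid_has_range() {
    awk -F: -v owner="$1" '
        NF == 3 && $1 == owner { found = 1 }
        END { exit !found }
    ' "$2"
}

# subid_multi_ranges FILE: print "owner first-last first-last ..." for every
# owner with more than one entry; malformed lines are reported on stderr.
subid_multi_ranges() {
    awk -F: '
        $0 == "" { next }
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "malformed line %d: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        {
            entries[$1]++
            ranges[$1] = ranges[$1] " " $2 "-" ($2 + $3 - 1)
        }
        END {
            for (o in entries)
                if (entries[o] > 1) print o ranges[o]
        }
    ' "$1" | sort
}

# Constructed sample reproducing the /etc/subuid content from step 3,
# plus one unaffected user ("alice" is made up for illustration).
sample=$(mktemp)
printf '%s\n' 'container:493216:65536' 'container:558752:65536' \
    'alice:100000:65536' > "$sample"

subid_multi_ranges "$sample"
subid_has_range container "$sample" && echo "container already has a range"
rm -f "$sample"
```

Pointing `subid_multi_ranges` at /etc/subuid and /etc/subgid lists every account affected; in the sample, the two `container` ranges are adjacent because 493216 + 65536 = 558752.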

Comment 5 errata-xmlrpc 2023-11-07 08:53:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: shadow-utils security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6632