1715193 – Need nsswitch support for /etc/subuid and /etc/subgid content

Bug 1715193 - Need nsswitch support for /etc/subuid and /etc/subgid content

Summary: Need nsswitch support for /etc/subuid and /etc/subgid content

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	8.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Carlos O'Donell
QA Contact:	qe-baseos-tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1715195
Blocks:
TreeView+	depends on / blocked

Reported:	2019-05-29 19:24 UTC by Daniel Walsh
Modified:	2023-07-18 14:30 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1715195 (view as bug list)
Environment:
Last Closed:	2020-01-21 14:23:13 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Proposal for adding subuid and subgid to nsswitch (1.84 KB, text/plain) 2019-10-17 12:59 UTC, Daniel Walsh	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	shadow-maint shadow issues 154	0	'None'	open	subid ranges sourced from the network store	2021-01-05 15:16:07 UTC
Red Hat Issue Tracker	RHELPLAN-33163	0	None	None	None	2023-01-04 10:44:30 UTC

Description Daniel Walsh 2019-05-29 19:24:21 UTC

Lots of people are playing with the new container runtime tools that run containers as non root, like Podman and Buildah.

These tools take advantage of the /etc/subuid and /etc/subgid files provided by shadow-utils and updated via useradd for managing extra uids to be used by the user within containers.

A lot of people using these tools want to be able to destribute the content in these files the same way they do for content in /etc/passwd.

Basically they want to have nsswitch support for them.

Comment 5 Daniel Walsh 2019-10-17 12:59:17 UTC

Created attachment 1626792 [details]
Proposal for adding subuid and subgid to nsswitch

Comment 6 Daniel Walsh 2019-10-17 13:00:02 UTC

I added the text, I attempted to update the Wiki, but it would not allow me to edit a new page.

Comment 7 Carlos O'Donell 2020-01-06 22:00:38 UTC

(In reply to Daniel Walsh from comment #6)
> I added the text, I attempted to update the Wiki, but it would not allow me
> to edit a new page.

I missed this comment. Are you talking about the glibc wiki?

Please have a look at this:
https://sourceware.org/glibc/wiki/EditorGroup

Your account will be deleted if you didn't get added to EditorGroup in a timely fashion, so you may need to recreate your account.

Comment 8 Carlos O'Donell 2020-01-07 03:22:16 UTC

I've commented on this upstream again, summarizing the past comments and adding my own reflection on the design direction:
https://github.com/shadow-maint/shadow/issues/154#issuecomment-571415244

Next week I'm going to close this issue as CLOSED/UPSTREAM, as something we can track upstream. RHEL would inherit a choice made and designed upstream. We would reopen a new bug to backport a solution from upstream (which may not be in glibc).

Note You need to log in before you can comment on or make changes to this bug.