RFC: nss module for automatically give all users a full sub(u/g)id range

Question

RFC: nss module for automatically give all users a full sub(u/g)id range

AndersBlomdell opened this issue a year ago · 3 comments

We want all our users to be able to run containers, hence I wrote the subid_maximal.txt nss plugin that gives all users with uid between 1-65533 the full range of (65536) of sub(u/g)id's

Sorry for placing C code in a .txt file...

subid_maximal.txt

Answer 1 · 2023-10-18T07:55:48.000Z

Is this a bug, or a way of sharing your code? It's not clear to me.

In any case, your proposal would exhaust the subid's range, so if you had any centrally managed user they would be unable to use subids.

Answer 2 · 2023-10-18T08:03:44.000Z

A way of sharing my code.

As long as the centrally administered users uid falls within 1-65533 they will have subids on systems where /etc/nsswitch.conf has a subid: maximal entry (this is the case here where some users [students] are centrally administered but without centrally administered subid's)

Answer 3 · 2024-04-16T21:04:53.000Z

Thanks - maybe we should have a shadow discuss instance or subreddit or something for sharing things like this.