[Pkg-shadow-devel] [test] newuidmap/newgidmap

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jun 3 15:38:05 UTC 2014

Quoting Philippe Grégoire (gregoirep at hotmail.com):
> Hi,
> This is a follow-up on Christian Perrier's feedback request. Also, this issue is
> related to the shadow package in general not specifically Debian. Please feel
> free, to redirect to appropriate channels.
> Currently, calling newuidmap fails if called by root; which I used to consider
> non-sense. Checking newuidmap's code shows that only /etc/subuid and "$d $userid 1"
> are allowed to be specified. Thus, if root is not present in subuid, the call
> fails.
> I considered adding a getuid-type check for root, then a capget() for CAP_SETUID
> and then considered doing the same checks the kernel does. Well, that would
> amount to copying what the kernel does, which is never a good thing. Putting it
> simply, newuidmap is meant to be used by regular users..
> The more appropriate response would be to add a note to the manual mentionning
> that a user should do some kind of
>   echo $mapping > /proc/[pid]/uid_map
> if newuidmap fails with a specific error code. Also, newuidmap would have to
> return the aforementioned code in verify_ranges() (instead of EXIT_FAILURE).
> This also applies to newgidmap(1).

Yeah, Eric and I discussed this a bit in this thread (which this list was also
cc:d on)  :


I personally still feel as you do, that root should be a special case who can
do as he likes;  OTOH it's not an unreasonable argument that (a) root can do
as he likes manually anyway, and (b) requiring this gives some default
protective isolation of subuids for root.


More information about the Pkg-shadow-devel mailing list