man7.org > Linux > man-pages

Linux/UNIX system programming training

subgid(5) — Linux manual page

NAME | DESCRIPTION | LOCAL SUBORDINATE DELEGATION | FILES | SEE ALSO | COLOPHON 

SUBGID(5)             File Formats and Configuration            SUBGID(5)

NAME         top

       subgid - the configuration for subordinate group ids

DESCRIPTION         top

       Subgid authorizes a group id to map ranges of group ids from its
       namespace into child namespaces.

       The delegation of the subordinate gids can be configured via the
       subid field in /etc/nsswitch.conf file. Only one value can be set
       as the delegation source. Setting this field to files configures
       the delegation of gids to /etc/subgid. Setting any other value
       treats the delegation as a plugin following with a name of the
       form libsubid_$value.so. If the value or plugin is missing, then
       the subordinate gid delegation falls back to files.

       Note, that newusers, useradd, and usermod will only create entries
       in /etc/subgid if subid delegation is managed via subid files.

LOCAL SUBORDINATE DELEGATION         top

       Each line in /etc/subgid contains a user name and a range of
       subordinate group ids that user is allowed to use. This is
       specified with three fields delimited by colons (“:”). These
       fields are:

       •   login name or UID

       •   numerical subordinate group ID

       •   numerical subordinate group ID count

       This file specifies the group IDs that ordinary users can use,
       with the newgidmap command, to configure gid mapping in a user
       namespace.

       Multiple ranges may be specified per user.

       When large number of entries (10000-100000 or more) are defined in
       /etc/subgid, parsing performance penalty will become noticeable.
       In this case it is recommended to use UIDs instead of login names.
       Benchmarks have shown speed-ups up to 20x.

FILES         top

       /etc/subgid
           Per user subordinate group IDs.

       /etc/subgid-
           Backup file for /etc/subgid.

SEE ALSO         top

       login.defs(5), newgidmap(1), newuidmap(1), newusers(8), subuid(5),
       useradd(8), userdel(8), usermod(8), user_namespaces(7).

COLOPHON         top

       This page is part of the shadow-utils (utilities for managing
       accounts and shadow password files) project.  Information about
       the project can be found at 
       ⟨https://github.com/shadow-maint/shadow⟩.  If you have a bug report
       for this manual page, send it to
       [email protected].  This page was obtained
       from the project's upstream Git repository
       ⟨https://github.com/shadow-maint/shadow⟩ on 2025-08-11.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2025-08-10.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       [email protected]

shadow-utils 4.18.0             08/11/2025                      SUBGID(5)

Pages that refer to this page: getsubids(1)newgidmap(1)unshare(1)nsswitch.conf(5)subuid(5)user_namespaces(7)newusers(8)useradd(8)userdel(8)usermod(8)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI