From: Pat Riehecky Date: Wed, 11 Mar 2026 17:28:42 +0000 (-0500) Subject: subid: start using SUB_UID_STORE_BY_UID/GID X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6871f050c2e21cf4d3053cab3898bf4a05ed40bb;p=thirdparty%2Fshadow.git subid: start using SUB_UID_STORE_BY_UID/GID This adds two new options to /etc/login.defs: * SUB_UID_STORE_BY_UID * SUB_GID_STORE_BY_UID They default to 'no' but when set 'yes' the subuid/subgid entries will be written by uid rather than username. Closes: https://github.com/shadow-maint/shadow/issues/1554 Reviewed-by: Alejandro Colomar Signed-off-by: Pat Riehecky --- diff --git a/lib/subordinateio.c b/lib/subordinateio.c index 2960674b7..09c7e6774 100644 --- a/lib/subordinateio.c +++ b/lib/subordinateio.c @@ -634,7 +634,21 @@ int sub_uid_add (const char *owner, uid_t start, unsigned long count) errno = EOPNOTSUPP; return 0; } - return add_range (&subordinate_uid_db, owner, start, count); + if (getdef_bool("SUB_UID_STORE_BY_UID")) { + char uid_string[ID_SIZE]; + const struct passwd *pw; + + pw = getpw_uid_or_nam(owner); + if (NULL == pw) + return 0; + + if (stprintf_a(uid_string, "%u", pw->pw_uid) == -1) + return 0; + + return add_range(&subordinate_uid_db, uid_string, start, count); + } else { + return add_range(&subordinate_uid_db, owner, start, count); + } } /* Return 1 on success. on failure, return 0 and set errno appropriately */ @@ -772,7 +786,21 @@ int sub_gid_add (const char *owner, gid_t start, unsigned long count) errno = EOPNOTSUPP; return 0; } - return add_range (&subordinate_gid_db, owner, start, count); + if (getdef_bool("SUB_GID_STORE_BY_UID")) { + char uid_string[ID_SIZE]; + const struct passwd *pw; + + pw = getpw_uid_or_nam(owner); + if (NULL == pw) + return 0; + + if (stprintf_a(uid_string, "%u", pw->pw_uid) == -1) + return 0; + + return add_range(&subordinate_gid_db, uid_string, start, count); + } else { + return add_range(&subordinate_gid_db, owner, start, count); + } } /* Return 1 on success. on failure, return 0 and set errno appropriately */