subid: Define SUB_UID_STORE_BY_UID and SUB_GID_STORE_BY_UID
authorPat Riehecky <riehecky@fnal.gov>
Tue, 10 Mar 2026 14:51:58 +0000 (09:51 -0500)
committerSerge Hallyn <serge@hallyn.com>
Mon, 30 Mar 2026 02:49:28 +0000 (21:49 -0500)
The options are not active within this commit, but they are fully documented.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
etc/login.defs
lib/getdef.c
man/Makefile.am
man/login.defs.5.xml
man/login.defs.d/SUB_GID_STORE_BY_UID.xml [new file with mode: 0644]
man/login.defs.d/SUB_UID_STORE_BY_UID.xml [new file with mode: 0644]

index 739085da52729b8c83894feaf4f4fe5712c9f7bb..c5ff8e08382ac2d7046214087aeec84af198390f 100644 (file)
@@ -239,6 +239,10 @@ SYS_UID_MAX                  999
 SUB_UID_MIN               100000
 SUB_UID_MAX            600100000
 SUB_UID_COUNT              65536
+#
+# If set to yes, subordinate user ID entries in /etc/subuid are stored
+# using the numeric user ID rather than the username.
+#SUB_UID_STORE_BY_UID  no
 
 #
 # Min/max values for automatic gid selection in groupadd(8)
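Review bot: The comment added above `#SUB_UID_STORE_BY_UID  no` (and the matching block for `SUB_GID_STORE_BY_UID` in the next hunk) describes the option as if it already worked, while the commit message says it is not active in this commit, so anyone who uncomments the line at this revision gets a setting that is accepted and ignored. The text also leaves open what an administrator auditing /etc/subuid needs to know: whether existing name-keyed lines are kept alongside new numeric ones, and how an owner field made only of digits is told apart from a login name that is all digits. I would add a line such as `# Existing entries are not converted; see subuid(5) for how the owner field is matched.` once the behaviour is implemented, adjusted to whatever the implementation actually does. The same wording appears in the two new man/login.defs.d/*.xml files and would need the same sentence.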
@@ -252,6 +256,10 @@ SYS_GID_MAX                  999
 SUB_GID_MIN               100000
 SUB_GID_MAX            600100000
 SUB_GID_COUNT              65536
+#
+# If set to yes, subordinate group ID entries in /etc/subgid are stored
+# using the numeric user ID rather than the username.
+#SUB_GID_STORE_BY_UID  no
 
 #
 # Max number of login(1) retries if password is bad
index 3a9a423ceb80bd23a63c05131a778fe06145f4b1..fa4a24d36b669875219d2ad3059475d0255d6e31 100644 (file)
@@ -124,9 +124,11 @@ static struct itemdef def_table[] = {
        {"SUB_GID_COUNT", NULL},
        {"SUB_GID_MAX", NULL},
        {"SUB_GID_MIN", NULL},
+       {"SUB_GID_STORE_BY_UID", NULL},
        {"SUB_UID_COUNT", NULL},
        {"SUB_UID_MAX", NULL},
        {"SUB_UID_MIN", NULL},
+       {"SUB_UID_STORE_BY_UID", NULL},
        {"SULOG_FILE", NULL},
        {"SU_NAME", NULL},
        {"SYS_GID_MAX", NULL},
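Review bot: The two new `def_table` rows have the same `{name, NULL}` shape as the numeric `SUB_GID_COUNT` and `SUB_UID_COUNT` rows, so nothing in this table marks them as boolean and nothing visible here would reject a value other than yes or no. Since the setting decides which key format is written to /etc/subuid and /etc/subgid, a mistyped value that quietly falls back to the default is worth a diagnostic when the reader is added in a later commit. A short comment on the rows, for example `/* boolean; read by the subid code, default no */`, would also tell a reader of this commit why the key is registered with no consumer yet. `def_table` starts and ends outside the hunk.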
index c1cfc90f0443a65521ffbfbf46afe21070af4d2d..bce73359b2da98268e7a7abca84a51ea1c8b4911 100644 (file)
@@ -183,7 +183,9 @@ login_defs_v = \
        USERGROUPS_ENAB.xml \
        USE_TCB.xml \
        SUB_GID_COUNT.xml \
+       SUB_GID_STORE_BY_UID.xml \
        SUB_UID_COUNT.xml \
+       SUB_UID_STORE_BY_UID.xml \
        SYS_GID_MAX.xml \
        SYS_UID_MAX.xml \
        YESCRYPT_COST_FACTOR.xml
index 009de06d1a461ebaca6f53b8623901431d08e80d..5f4063e5805aa7a7b4da9106bc57f19d2c8a0ab3 100644 (file)
@@ -59,7 +59,9 @@
 <!ENTITY SU_NAME               SYSTEM "login.defs.d/SU_NAME.xml">
 <!ENTITY SU_WHEEL_ONLY         SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
 <!ENTITY SUB_GID_COUNT         SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+<!ENTITY SUB_GID_STORE_BY_UID  SYSTEM "login.defs.d/SUB_GID_STORE_BY_UID.xml">
 <!ENTITY SUB_UID_COUNT         SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+<!ENTITY SUB_UID_STORE_BY_UID  SYSTEM "login.defs.d/SUB_UID_STORE_BY_UID.xml">
 <!ENTITY SYS_GID_MAX           SYSTEM "login.defs.d/SYS_GID_MAX.xml">
 <!ENTITY SYSLOG_SG_ENAB        SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
 <!ENTITY SYSLOG_SU_ENAB        SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
       &SU_NAME;
       &SU_WHEEL_ONLY;
       &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+      &SUB_GID_STORE_BY_UID;
       &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+      &SUB_UID_STORE_BY_UID;
       &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
       &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
       &SYSLOG_SG_ENAB;
            PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
            SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
            SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
+           SUB_GID_STORE_BY_UID
            SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
+           SUB_UID_STORE_BY_UID
            SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
            UMASK
            <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
            MAIL_DIR MAX_MEMBERS_PER_GROUP
            PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
            SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
+           SUB_GID_STORE_BY_UID
            SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
+           SUB_UID_STORE_BY_UID
            SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
            UMASK
            <phrase condition="tcb">TCB_AUTH_GROUP TCB_SYMLINK USE_TCB</phrase>
diff --git a/man/login.defs.d/SUB_GID_STORE_BY_UID.xml b/man/login.defs.d/SUB_GID_STORE_BY_UID.xml
new file mode 100644 (file)
index 0000000..ae11a55
--- /dev/null
@@ -0,0 +1,16 @@
+<!--
+   SPDX-FileCopyrightText: 2026, shadow-utils contributors
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="subids">
+  <term><option>SUB_GID_STORE_BY_UID</option> (boolean)</term>
+  <listitem>
+    <para>
+      If set to <replaceable>yes</replaceable>,
+      subordinate group ID entries in <filename>/etc/subgid</filename>
+      are stored using the numeric user ID
+      rather than the username.
+      The default value is <replaceable>no</replaceable>.
+    </para>
+  </listitem>
+</varlistentry>
diff --git a/man/login.defs.d/SUB_UID_STORE_BY_UID.xml b/man/login.defs.d/SUB_UID_STORE_BY_UID.xml
new file mode 100644 (file)
index 0000000..888f1ba
--- /dev/null
@@ -0,0 +1,16 @@
+<!--
+   SPDX-FileCopyrightText: 2026, shadow-utils contributors
+   SPDX-License-Identifier: BSD-3-Clause
+-->
+<varlistentry condition="subids">
+  <term><option>SUB_UID_STORE_BY_UID</option> (boolean)</term>
+  <listitem>
+    <para>
+      If set to <replaceable>yes</replaceable>,
+      subordinate user ID entries in <filename>/etc/subuid</filename>
+      are stored using the numeric user ID
+      rather than the username.
+      The default value is <replaceable>no</replaceable>.
+    </para>
+  </listitem>
+</varlistentry>