Bug#1100632: marked as done (debian-policy: document subuids)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 23 Dec 2025 13:34:04 +0000
with message-id <E1vY2Wa-002y4D-2Q@fasolo.debian.org>
and subject line Bug#1100632: fixed in debian-policy 4.7.3.0
has caused the Debian Bug report #1100632,
regarding debian-policy: document subuids
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1100632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100632
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: debian-policy: document subuids
• From: Chris Hofstaedtler <zeha@debian.org>
• Date: Sun, 16 Mar 2025 14:04:47 +0100
• Message-id: <zpk6vl5bz677k5g3336usb7vs2ejdmsxau34gvosd6g5tx7mug@qqynfj44jnsw>

Package: debian-policy
X-Debbugs-CC: pkg-shadow-devel@lists.alioth.debian.org, base-passwd@packages.debian.org

Dear Policy Editors,

passwd/shadow has long ago introduced the concept of "subuids". Please see subuid(5), or https://manpages.debian.org/bookworm/passwd/subuid.5.en.html

These are used by unshare and other container managers. They are *automatically* assigned by useradd, when creating non-system users.

Debian's src:shadow uses the same uid-range as upstream:

SUB_UID_MIN        100000
SUB_UID_MAX     600100000

These ranges are in the range currently documented in policy 9.2.2 as:

| 65536-4294967293:

| Dynamically allocated user accounts. By default adduser will not | allocate UIDs and GIDs in this range, to ease compatibility with | legacy systems where uid_t is still 16 bits.

Given this concept exists since at least jessie, I think it should finally be documented in policy, too.

I'm not sure about a text. Maybe:

diff --git i/policy/ch-opersys.rst w/policy/ch-opersys.rst
index 1501076..37b4674 100644
--- i/policy/ch-opersys.rst
+++ w/policy/ch-opersys.rst
@@ -292,11 +292,16 @@ The UID and GID numbers are divided into classes as follows:
     This value *must not* be used, because it was the error return
     sentinel value when ``uid_t`` was 16 bits.

-65536-4294967293:
+65536-99999, 600100000-4294967293:
     Dynamically allocated user accounts. By default ``adduser`` will not
     allocate UIDs and GIDs in this range, to ease compatibility with
     legacy systems where ``uid_t`` is still 16 bits.

+100000-600100000:
+    Dynamically allocated subordinate user ids. See subuid(5).
+    ``useradd`` (and thus ``adduser``) automatically allocate these
+    when non-system users are created.
+
 4294967294:
     ``(uid_t)(-2) == (gid_t)(-2)`` *must not* be used, because it is
     used as the anonymous, unauthenticated user by some NFS


Thanks,
Chris

--- End Message ---

--- Begin Message ---

• To: 1100632-close@bugs.debian.org
• Subject: Bug#1100632: fixed in debian-policy 4.7.3.0
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 23 Dec 2025 13:34:04 +0000
• Message-id: <E1vY2Wa-002y4D-2Q@fasolo.debian.org>
• Reply-to: Sean Whitton <spwhitton@spwhitton.name>

Source: debian-policy
Source-Version: 4.7.3.0
Done: Sean Whitton <spwhitton@spwhitton.name>

We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1100632@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton <spwhitton@spwhitton.name> (supplier of updated debian-policy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Dec 2025 13:19:12 +0000
Source: debian-policy
Architecture: source
Version: 4.7.3.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors <debian-policy@lists.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1091868 1100455 1100632 1110017 1114994
Changes:
 debian-policy (4.7.3.0) unstable; urgency=medium
 .
   * Policy: Document range of subordinate user IDs
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Chris Hofstaedtler <zeha@debian.org>
     Seconded: Holger Levsen <holger@layer-acht.org>
     Closes: #1100632
   * Policy: Git-Tag-Tagger & Git-Tag-Info fields
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Ian Jackson <ijackson@chiark.greenend.org.uk>
     Seconded: Stuart Prescott <stuart@debian.org>
     Closes: #1091868
   * Policy: Remove MSDOS-Filename field
     Wording: Guillem Jover <guillem@debian.org>
     Seconded: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Chris Hofstaedtler <zeha@debian.org>
     Seconded: Holger Levsen <holger@layer-acht.org>
     Closes: #1114994
   * Policy: Priority field no longer recommended
     Wording: Nilesh Patra <nilesh@debian.org>
     Seconded: Guillem Jover <guillem@debian.org>
     Seconded: Sean Whitton <spwhitton@spwhitton.name>
     Closes: #1110017
   * Fix missing word in 10.1 & upgrading checklist.
   * Rewrite "date"->"day-of-month" in Policy 3.2.1 (Closes: #1100455).
     Thanks to Ahmed Siam for reporting the issue.
   * d/control: Drop Priority & Rules-Requires-Root fields.
Checksums-Sha1:
 c5f2f98b722f93cfbf4e928a760d21d100fc407a 2363 debian-policy_4.7.3.0.dsc
 a21034f9c95f626407903a974904806951f45301 577360 debian-policy_4.7.3.0.tar.xz
 3ec1c1dece834bd623f962f1063a70a7ee28a8ee 1193264 debian-policy_4.7.3.0.git.tar.xz
 5b3198675115a6e0d90e6d6a16ef6a3b28c2ec1a 17159 debian-policy_4.7.3.0_source.buildinfo
Checksums-Sha256:
 2d4e7b9dd194c23f229ac4215fba2b7cb2287d91a10d5910e6abe09485c5ed97 2363 debian-policy_4.7.3.0.dsc
 5a76e3daf5895cdc29e209fc214d871c6b2c6f3f20bf15cbcbb12fc3d42e3c03 577360 debian-policy_4.7.3.0.tar.xz
 6c52d45f5a1f041b80f0897c7f4736b4cb3d96898bd3163116d0c7135ad8614e 1193264 debian-policy_4.7.3.0.git.tar.xz
 5547246a677d843f1fcb30f3460dafb73426e20e0f5dbc7f8f0b507eccc52f09 17159 debian-policy_4.7.3.0_source.buildinfo
Files:
 71a11bd21e49d74969689eb3927e3e32 2363 doc optional debian-policy_4.7.3.0.dsc
 001ab90ed46de7b9d50b4eb536324b22 577360 doc optional debian-policy_4.7.3.0.tar.xz
 4c19eeda897f19cfd73b8b9a9ab1a85e 1193264 doc None debian-policy_4.7.3.0.git.tar.xz
 7215a823b916606419dbcf61add20e4b 17159 doc optional debian-policy_4.7.3.0_source.buildinfo
Git-Tag-Info: tag=738e46b1058f4cc78a6f22d592cd165d17d8b2dc fp=9b917007ae030e36e4fc248b695b7ae4bf066240
Git-Tag-Tagger: Sean Whitton <spwhitton@spwhitton.name>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmlKl44ACgkQYG0ITkaD
wHlqsxAAnu401Ekuc6cK8XWWTC23nwlz31CLCb5Z9wGKgJjlYgvzpjvmLcXBXfuL
TnxGhDd9K0OuSjLAo64ar8eRGjUHic0LG1vNKP531Rt/tAKsQJb1DY7EP0Jgspiw
xPHTvi//eSqdu0Uw1nxs5jZT1feHW4i/HMmtCPVx4ROg+ElkwYXYBW3Ng2500VXR
Pg5/FimhjohUJFDvqV07ef9vWLIhlswY8DRYIh4Yr6HLJa0xOiyDG6eyKF0nZ3G/
nEaDI2RcLrXxeb7L+24Kyjp/BidNEVSEFKaj1g1toaAR/ovN+/thljFTF9lqJxEe
Iv4rv7afW9PXDmH0L0tkqlFoQsDTJ784KF118acTU4KdDraDturWSEnOrgXcL5o6
AIXqUFeV6P6MMelVAA1sfkG1/uZqzTpWh7FMgwi2FBSNF1s9QxGgq4HV0q7F+/5z
IyYKom1a1iP8duihb30yv/QL9rv3rufDjklWUkcETe5lkzDoJb3wcyrI9YTz9PVx
S47xn9p30MyqkM8DMpv9xiQQIuEl+RUpuWoBLLNjEeoCJ92OmR7l7ksrRk/iWD3t
eHY1Q1vHPcDW0W+A5UtgUrJrrEwB+5TVRqOk6lQPUp4imgNGqkLyoxeggvYoozYR
RQMNNOzEyEbRi7hFDLVtOywAdvj61nWBMTfoT3Y5MoTrhuL7Dyo=
=KsEn
-----END PGP SIGNATURE-----

Attachment: pgpi1uA3jPa72.pgp
Description: PGP signature

--- End Message ---