Your message dated Tue, 23 Dec 2025 13:34:04 +0000
with message-id <[email protected]>
and subject line Bug#1100632: fixed in debian-policy 4.7.3.0
has caused the Debian Bug report #1100632,
regarding debian-policy: document subuids
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100632
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-policy
X-Debbugs-CC: [email protected],
[email protected]
Dear Policy Editors,
passwd/shadow has long ago introduced the concept of "subuids".
Please see subuid(5), or https://manpages.debian.org/bookworm/passwd/subuid.5.en.html
These are used by unshare and other container managers. They are
*automatically* assigned by useradd, when creating non-system users.
Debian's src:shadow uses the same uid-range as upstream:
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
These ranges are in the range currently documented in policy 9.2.2
as:
| 65536-4294967293:
| Dynamically allocated user accounts. By default adduser will not
| allocate UIDs and GIDs in this range, to ease compatibility with
| legacy systems where uid_t is still 16 bits.
Given this concept exists since at least jessie, I think it should
finally be documented in policy, too.
I'm not sure about a text. Maybe:
diff --git i/policy/ch-opersys.rst w/policy/ch-opersys.rst
index 1501076..37b4674 100644
--- i/policy/ch-opersys.rst
+++ w/policy/ch-opersys.rst
@@ -292,11 +292,16 @@ The UID and GID numbers are divided into classes as
follows:
This value *must not* be used, because it was the error return
sentinel value when ``uid_t`` was 16 bits.
-65536-4294967293:
+65536-99999, 600100000-4294967293:
Dynamically allocated user accounts. By default ``adduser`` will not
allocate UIDs and GIDs in this range, to ease compatibility with
legacy systems where ``uid_t`` is still 16 bits.
+100000-600100000:
+ Dynamically allocated subordinate user ids. See subuid(5).
+ ``useradd`` (and thus ``adduser``) automatically allocate these
+ when non-system users are created.
+
4294967294:
``(uid_t)(-2) == (gid_t)(-2)`` *must not* be used, because it is
used as the anonymous, unauthenticated user by some NFS
Thanks,
Chris
--- End Message ---
--- Begin Message ---
Source: debian-policy
Source-Version: 4.7.3.0
Done: Sean Whitton <[email protected]>
We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Whitton <[email protected]> (supplier of updated debian-policy
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Dec 2025 13:19:12 +0000
Source: debian-policy
Architecture: source
Version: 4.7.3.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors <[email protected]>
Changed-By: Sean Whitton <[email protected]>
Closes: 1091868 1100455 1100632 1110017 1114994
Changes:
debian-policy (4.7.3.0) unstable; urgency=medium
.
* Policy: Document range of subordinate user IDs
Wording: Sean Whitton <[email protected]>
Seconded: Chris Hofstaedtler <[email protected]>
Seconded: Holger Levsen <[email protected]>
Closes: #1100632
* Policy: Git-Tag-Tagger & Git-Tag-Info fields
Wording: Sean Whitton <[email protected]>
Seconded: Ian Jackson <[email protected]>
Seconded: Stuart Prescott <[email protected]>
Closes: #1091868
* Policy: Remove MSDOS-Filename field
Wording: Guillem Jover <[email protected]>
Seconded: Sean Whitton <[email protected]>
Seconded: Chris Hofstaedtler <[email protected]>
Seconded: Holger Levsen <[email protected]>
Closes: #1114994
* Policy: Priority field no longer recommended
Wording: Nilesh Patra <[email protected]>
Seconded: Guillem Jover <[email protected]>
Seconded: Sean Whitton <[email protected]>
Closes: #1110017
* Fix missing word in 10.1 & upgrading checklist.
* Rewrite "date"->"day-of-month" in Policy 3.2.1 (Closes: #1100455).
Thanks to Ahmed Siam for reporting the issue.
* d/control: Drop Priority & Rules-Requires-Root fields.
Checksums-Sha1:
c5f2f98b722f93cfbf4e928a760d21d100fc407a 2363 debian-policy_4.7.3.0.dsc
a21034f9c95f626407903a974904806951f45301 577360 debian-policy_4.7.3.0.tar.xz
3ec1c1dece834bd623f962f1063a70a7ee28a8ee 1193264
debian-policy_4.7.3.0.git.tar.xz
5b3198675115a6e0d90e6d6a16ef6a3b28c2ec1a 17159
debian-policy_4.7.3.0_source.buildinfo
Checksums-Sha256:
2d4e7b9dd194c23f229ac4215fba2b7cb2287d91a10d5910e6abe09485c5ed97 2363
debian-policy_4.7.3.0.dsc
5a76e3daf5895cdc29e209fc214d871c6b2c6f3f20bf15cbcbb12fc3d42e3c03 577360
debian-policy_4.7.3.0.tar.xz
6c52d45f5a1f041b80f0897c7f4736b4cb3d96898bd3163116d0c7135ad8614e 1193264
debian-policy_4.7.3.0.git.tar.xz
5547246a677d843f1fcb30f3460dafb73426e20e0f5dbc7f8f0b507eccc52f09 17159
debian-policy_4.7.3.0_source.buildinfo
Files:
71a11bd21e49d74969689eb3927e3e32 2363 doc optional debian-policy_4.7.3.0.dsc
001ab90ed46de7b9d50b4eb536324b22 577360 doc optional
debian-policy_4.7.3.0.tar.xz
4c19eeda897f19cfd73b8b9a9ab1a85e 1193264 doc None
debian-policy_4.7.3.0.git.tar.xz
7215a823b916606419dbcf61add20e4b 17159 doc optional
debian-policy_4.7.3.0_source.buildinfo
Git-Tag-Info: tag=738e46b1058f4cc78a6f22d592cd165d17d8b2dc
fp=9b917007ae030e36e4fc248b695b7ae4bf066240
Git-Tag-Tagger: Sean Whitton <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmlKl44ACgkQYG0ITkaD
wHlqsxAAnu401Ekuc6cK8XWWTC23nwlz31CLCb5Z9wGKgJjlYgvzpjvmLcXBXfuL
TnxGhDd9K0OuSjLAo64ar8eRGjUHic0LG1vNKP531Rt/tAKsQJb1DY7EP0Jgspiw
xPHTvi//eSqdu0Uw1nxs5jZT1feHW4i/HMmtCPVx4ROg+ElkwYXYBW3Ng2500VXR
Pg5/FimhjohUJFDvqV07ef9vWLIhlswY8DRYIh4Yr6HLJa0xOiyDG6eyKF0nZ3G/
nEaDI2RcLrXxeb7L+24Kyjp/BidNEVSEFKaj1g1toaAR/ovN+/thljFTF9lqJxEe
Iv4rv7afW9PXDmH0L0tkqlFoQsDTJ784KF118acTU4KdDraDturWSEnOrgXcL5o6
AIXqUFeV6P6MMelVAA1sfkG1/uZqzTpWh7FMgwi2FBSNF1s9QxGgq4HV0q7F+/5z
IyYKom1a1iP8duihb30yv/QL9rv3rufDjklWUkcETe5lkzDoJb3wcyrI9YTz9PVx
S47xn9p30MyqkM8DMpv9xiQQIuEl+RUpuWoBLLNjEeoCJ92OmR7l7ksrRk/iWD3t
eHY1Q1vHPcDW0W+A5UtgUrJrrEwB+5TVRqOk6lQPUp4imgNGqkLyoxeggvYoozYR
RQMNNOzEyEbRi7hFDLVtOywAdvj61nWBMTfoT3Y5MoTrhuL7Dyo=
=KsEn
-----END PGP SIGNATURE-----
pgp3fqQzfddfl.pgp
Description: PGP signature
--- End Message ---
