On Tuesday 16 July 2019 23:11:24 Florian Weimer wrote:
> * Nicholas D. Steeves:
> >   Package name    : fuidshift
> >   Version         : 3.0
> >   Upstream Author : Name <someb...@example.org>
> >   URL             : https://github.com/lxc/lxd/tree/master/fuidshift
> >   License         : Apache 2.0
> >   Programming Lang: Go
> >   Description     : remap a filesystem tree to shift one set of UID/GID
> >   ranges to another
...
> How does this compare to (or interact with) newuidmap and newgidmap
> from uidmap?

They do very different things. Let me try a short description:

newuidmap - set the uid mapping of a user namespace (from manpage)
fuidshift - shift the uid/gid of files *on disk*

fuidshift is basically a recursive

    chown $(( $(stat -c '%u' "$path") + $uidshift )) "$path"

It does not use or configure user namespaces or containers.
It's useful for the creation of container images, for example when the
container root filesystem is read-only (squashfs) and the container
engine can't change the uids at runtime (see for example systemd-nspawn
--private-users=pick / --private-users-chown).

So fuidshift may be used to prepare a directory for later use by
newuidmap, but that's about it.

> There's a push to force uidmap on everyone, with tight integration
> into NSS. If there's a competing scheme, it would be helpful to know
> about it.
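The on-disk shift described in the reply above, as an added Python example that is not part of the original message and is not fuidshift's own code. It fills in what the one-line chown leaves out: group ids, symlinks, setuid bits and trees that were already shifted. The names plan_shift and apply_shift and the default range of 65536 ids are assumptions of this example.

```python
import os
import stat


def plan_shift(root, shift, id_range=65536):
    """Return [(path, new_uid, new_gid, mode)] for root and everything below it.

    Nothing on disk is changed. Owners outside [0, id_range) abort the run,
    so a tree that was already shifted is not shifted a second time.
    """
    plan = []

    def visit(path):
        st = os.lstat(path)  # lstat: describe a symlink itself, not its target
        for kind, value in (("uid", st.st_uid), ("gid", st.st_gid)):
            if not 0 <= value < id_range:
                raise ValueError(f"{path}: {kind} {value} outside [0, {id_range})")
            if value + shift < 0:
                raise ValueError(f"{path}: {kind} {value} would become negative")
        plan.append((path, st.st_uid + shift, st.st_gid + shift, st.st_mode))

    visit(root)
    # followlinks=False: never descend through a symlink that leaves the tree
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            visit(os.path.join(dirpath, name))
    return plan


def apply_shift(plan):
    """Apply a plan from plan_shift(); a non-zero shift needs root (CAP_CHOWN)."""
    for path, uid, gid, mode in plan:
        os.lchown(path, uid, gid)  # lchown: a symlink's target is left alone
        if not stat.S_ISLNK(mode):
            # chown can clear setuid/setgid bits; put the recorded mode back
            os.chmod(path, stat.S_IMODE(mode))
```

Run it only on a tree that nothing else can modify between planning and applying, since the plan is built from paths and applied by path.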