Looking for clarification about subuid/gid

I have a question about subuid/gid, to be sure I understand its implications.

Let’s say /etc/subuid contains:

alice:100000:65536
root:165536:65536

alice has a uid 1000 on the host. Does this mean that:

A) Containers launched by ‘alice’ will run (the init process) as user 100.000 (or the next free id after that) on the host.

B) A user with uid 1000 inside the container will map to 100.000 on the host.

I can see why option B would make a root (uid 0) entry necessary, and that entry was there already.

With the map above, the init process uid of alice’s container would be 100000.
A user with uid 1000 in that container will get mapped to 101000 on the host.

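The offset arithmetic from the answer above, as an added example (not part of the original posts and not LXD's code): it parses the two /etc/subuid lines quoted in the thread and assumes, as the answer does, that an owner's range is mapped starting at container ID 0. All function names are illustrative.

```python
# Constructed input: the /etc/subuid lines quoted in the thread.
SUBUID = """\
alice:100000:65536
root:165536:65536
"""

def parse_subuid(text):
    """Parse owner:start:count lines into (owner, start, count) tuples."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        owner, start, count = line.split(":")
        ranges.append((owner, int(start), int(count)))
    return ranges

def to_host(ranges, owner, container_id):
    """Host ID for container_id, assuming the owner's range is mapped from
    container ID 0. Returns None when the ID is outside the delegated range."""
    for name, start, count in ranges:
        if name == owner and 0 <= container_id < count:
            return start + container_id
    return None

def to_container(ranges, host_id):
    """Reverse lookup: (owner, container_id) for a host ID seen in ps or ls -n,
    or None when no delegated range covers it."""
    for name, start, count in ranges:
        if start <= host_id < start + count:
            return name, host_id - start
    return None

def overlaps(ranges):
    """Pairs of owners whose ranges intersect, meaning two different owners
    could both map containers onto the same host ID."""
    hits = []
    for i, (a, s1, c1) in enumerate(ranges):
        for b, s2, c2 in ranges[i + 1:]:
            if s1 < s2 + c2 and s2 < s1 + c1:
                hits.append((a, b))
    return hits

RANGES = parse_subuid(SUBUID)

if __name__ == "__main__":
    for cid in (0, 1000, 65536):
        print(cid, "->", to_host(RANGES, "alice", cid))
    print(101000, "->", to_container(RANGES, 101000))
```
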

Understood, thanks Stéphane!

Hi @stgraber, I am new to LXD and I am trying to understand the implications and capabilities of using subuid/subgid ranges. I understand that, like Adrian mentions, a UID 1000 inside the container will be mapped to a UID 101000 in the host. Let’s say that the content of subuid and subgid files in the host define this entry:

alice:100000:65536

then, the UID 0 in the container will be mapped to the user 100000 in the host, and UID 1000 will be mapped to 101000 in the host, so any process or file created inside the container will be shown as owned by that UID in the host. Then, does the “alice” user have any “ownership” or “capabilities” over those files and processes since the files/processes were created by a subordinate ID that belongs to “alice” user? Or why is the “100000:65536” range defined? What is it used for in relation to the “alice” user?

I have read the https://ubuntu.com/blog/custom-user-mappings-in-lxd-containers page, but I still don’t understand the implications of subuid/subgid in Linux. I don’t understand why you need to add the same entries for both the root and lxd user and group. Is there any reason why they both should be defined and have the same value?

Also, if you have some good documentation references about what subuid/subgid do, please share them with me.
Appreciate your help, thanks!