# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
-SUB_UID_COUNT 10000
+SUB_UID_COUNT 65536
#
# Min/max values for automatic gid selection in groupadd(8)
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
-SUB_GID_COUNT 10000
+SUB_GID_COUNT 65536
#
# Max number of login(1) retries if password is bad
min = getdef_ulong ("SUB_GID_MIN", 100000UL);
max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
- count = getdef_ulong ("SUB_GID_COUNT", 10000);
+ count = getdef_ulong ("SUB_GID_COUNT", 65536);
if (min > max || count >= max || (min + count - 1) > max) {
(void) fprintf (stderr,
min = getdef_ulong ("SUB_UID_MIN", 100000UL);
max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
- count = getdef_ulong ("SUB_UID_COUNT", 10000);
+ count = getdef_ulong ("SUB_UID_COUNT", 65536);
if (min > max || count >= max || (min + count - 1) > max) {
(void) fprintf (stderr,
#endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
+#ifdef ENABLE_SUBIDS
+ uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+ uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+#endif
+
/*
* Get my name so that I can use it to report errors.
*/
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
- is_sub_uid = sub_uid_file_present ();
- is_sub_gid = sub_gid_file_present ();
+ is_sub_uid = sub_uid_file_present () && !rflg &&
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+ is_sub_gid = sub_gid_file_present () && !rflg &&
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
#endif /* ENABLE_SUBIDS */
get_defaults ();