User creation/deletion fails when a subid provider is configured in nsswitch.conf

[yrro]

Version: shadow-utils-4.15.1-2.fc40.x86_64

In /etc/nsswitch.conf I have subid: sss. This prevents useradd from being able to create users:

# useradd -G localx
useradd: failed to reset the lastlog entry of UID 1001: No such file or directory
useradd: failed to prepare the new /etc/subuid entry

It's not immediately clear which of these messages prevents the user from being created, but after commenting out the subid entry in /etc/nsswitch.conf, useradd works.

There's no command line option to disable subid allocation. According to #289, setting SUB_UID_COUNT and SUB_GID_COUNT to 0 in /etc/login.defs. This allows useradd to work again, however, userdel still fails:

# userdel localx
userdel: cannot remove entry 1001 from /etc/subuid

[hallyn]

Several separate issues here.

nsswitch.conf having sss entry is of course up to your distro.

useradd breaking with the sss entry is probably a distro or sss issue.

Not having an option to useradd to disable subuid/subgid allocation is a reasonable feature request.

userdel breaking when SUB_XID_COUNT is 0 is a definit bug, so let's make this issue for that. If you want to make another issue for the feature of a command line option to disable subuid allocation, that would be great.

[aiace9]

Version: shadow-utils-4.14.0-2.fc39

I am also interested because I have the same issue. However, I am less impacted because removing the user is not contemplated in my use case.