Mapping two users to host with user namespaces
2 votes | 1 answer | 103 views
I'm trying to understand whether it's possible to map two users from a **user namespace** to two different users on the host.
The goal is to replicate the same permissions I have on my host inside a rootfs (Ubuntu base, because I'm trying to build a container from scratch).
For example:
- Everything under `/` should belong to `root`.
- `/home/user` should belong to the regular user.
To achieve this, I was thinking of using UID mapping in a user namespace, something like:
```
UID in user namespace ---> UID on host
1000 (admin)           ->  0 (root)
1001 (bob)             ->  1001 (bob)
```
Is this kind of mapping even possible?
Here’s what I’ve already tried:
- Running `echo -e "1000 0 1\n1001 1001 1" > /proc/[PID]/uid_map` to define the mapping, but I get an error.
- Trying to manually modify `/proc/[PID]/uid_map` using `newuidmap` for each user.
However, I’ve never been able to map more than one user, and I can’t seem to map UID 0 (root) at all.
I’ve read the man pages and followed the constraints mentioned there, but I’m still getting error messages.
For example:
```
# terminal 1
unshare --user bash
echo $$   # 11591

# terminal 2 as user 'alex' (uid = 1000)
newuidmap 11591 0 0 1
# newuidmap: uid range [0-1) -> [0-1) not allowed
newuidmap 11591 1001 1001 1
# newuidmap: uid range [1001-1002) -> [1001-1002) not allowed
```
These commands fail, even when run with `sudo`.
I also tried mapping to subuids that I’ve declared, but it still doesn’t work:
```
cat /etc/subuid
alex:100000:65536
root:200000:65536
self:300000:65536

cat /etc/subgid
alex:100000:65536
root:200000:65536
self:300000:65536
```
Asked by Liric Ramer (85 rep), Apr 16, 2025, 01:59 PM
Last activity: Apr 27, 2025, 01:36 PM
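As an added example (not part of the question), the following script models the two separate sets of rules a uid_map write has to pass, the kernel's (documented in user_namespaces(7): non-overlapping ranges, and an unprivileged writer may write only one line mapping its own uid) and newuidmap(1)'s (each host range must lie inside one of the caller's /etc/subuid ranges), and runs them against the mappings from the question; the `/etc/subuid` text and the caller uid 1000 are constructed from the post.

```python
# Added example, not from the post: models the checks the kernel (user_namespaces(7)) and
# newuidmap(1) apply to a uid_map write. SUBUID_SAMPLE and the caller ids are constructed.

def parse_uid_map(text):
    """Parse 'ns_start host_start count' lines (the /proc/PID/uid_map format) into tuples."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            ns, host, count = (int(f) for f in line.split())
            if count <= 0:
                raise ValueError(f"count must be positive: {line!r}")
            entries.append((ns, host, count))
    return entries

def parse_subuid(text):
    """Parse /etc/subuid ('user:start:count') into {user: [(start, count), ...]}."""
    ranges = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            user, start, count = line.split(":")
            ranges.setdefault(user, []).append((int(start), int(count)))
    return ranges

def _overlap(a, n, b, m):
    """True if [a, a+n) and [b, b+m) intersect."""
    return a < b + m and b < a + n

def kernel_problems(entries, writer_uid, writer_has_cap_setuid):
    """Rules the kernel enforces on the write; the capability is CAP_SETUID in the parent namespace."""
    problems = []
    for i, (ns_a, host_a, n_a) in enumerate(entries):
        for ns_b, host_b, n_b in entries[i + 1:]:
            if _overlap(ns_a, n_a, ns_b, n_b) or _overlap(host_a, n_a, host_b, n_b):
                problems.append(f"ranges overlap: {(ns_a, host_a, n_a)} / {(ns_b, host_b, n_b)}")
    if not writer_has_cap_setuid:
        # Without CAP_SETUID in the parent, only one line is allowed and it must map the writer's own uid.
        if len(entries) != 1:
            problems.append("unprivileged writer may write only a single line")
        elif entries[0][1] != writer_uid or entries[0][2] != 1:
            problems.append(f"unprivileged writer may only map its own uid {writer_uid}")
    return problems

def newuidmap_problems(entries, caller, subuid):
    """newuidmap rule: each host range must lie inside one of the caller's /etc/subuid ranges."""
    allowed = subuid.get(caller, [])
    return [f"uid range [{host}-{host + n}) not allowed"
            for _, host, n in entries
            if not any(s <= host and host + n <= s + c for s, c in allowed)]

SUBUID_SAMPLE = "alex:100000:65536\nroot:200000:65536\nself:300000:65536\n"  # as in the post
```

Run with the question's two-line map as uid 1000 and `kernel_problems` reports the single-line restriction, while `newuidmap_problems` rejects host uids 0 and 1001 for `alex` because neither lies in `alex:100000:65536`; the same two-line map passes `kernel_problems` only for a writer holding CAP_SETUID in the parent namespace.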