man: clarify subid delegation behaviour

Following the discussion shadow-maint#345 I have changed the documentation to clarify the behaviour of subid delegation when any subid source except files is configured.
rbalint · Jun 15, 2021 · 68ebbf9 · 68ebbf9
1 parent a6154b8
commit 68ebbf9
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 12 deletions.
diff --git a/man/newgidmap.1.xml b/man/newgidmap.1.xml
@@ -87,12 +87,11 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
-      command line arguments and the gids allowed. The subid delegation can come either from files
-      (<filename>/etc/subgid</filename>) or from the configured NSS subid module. Only one of them
-      can be chosen at a time. So, for example, if the subid source is configured as NSS and
-      <command>groupadd</command> is executed, then the command will fail and the entry will not be
-      created in <filename>/etc/subgid</filename>.
+      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename>
+      based on its command line arguments and the gids allowed. Subgid
+      delegation can either be managed via <filename>/etc/subgid</filename>
+      or through the configured NSS subid module. These options are mutually
+      exclusive.
     </para>
 
     <para>

diff --git a/man/newuidmap.1.xml b/man/newuidmap.1.xml
@@ -87,12 +87,11 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
-      command line arguments and the uids allowed. The subid delegation can come either from files
-      (<filename>/etc/subuid</filename>) or from the configured NSS subid module. Only one of them
-      can be chosen at a time. So, for example, if the subid source is configured as NSS and
-      <command>useradd</command> is executed, then the command will fail and the entry will not be
-      created in <filename>/etc/subuid</filename>.
+      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename>
+      based on its command line arguments and the uids allowed. Subuid
+      delegation can either be managed via <filename>/etc/subuid</filename> or
+      through the configured NSS subid module. These options are mutually
+      exclusive.
     </para>
 
     <para>