emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Merge pull request #345 from ikerexxe/subid_single_source

Browse Source 
man: clarify subid delegation
This commit is contained in:
Christian Brauner 2021-05-25 14:20:17 +02:00 committed by GitHub
commit 0871122443
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
man/newgidmap.1.xml
View File

@ -88,9 +88,15 @@
<title>DESCRIPTION</title>
<para>
The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
command line arguments and the gids allowed (either in <filename>/etc/subgid</filename> or
through the configured NSS subid module).
Note that the root user is not exempted from the requirement for a valid
command line arguments and the gids allowed. The subid delegation can come either from files
(<filename>/etc/subgid</filename>) or from the configured NSS subid module. Only one of them
can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>groupadd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subgid</filename>.
</para>
<para>
Note that the root group is not exempted from the requirement for a valid
<filename>/etc/subgid</filename> entry.
</para>

10
man/newuidmap.1.xml
View File

@ -88,8 +88,14 @@
<title>DESCRIPTION</title>
<para>
The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
command line arguments and the uids allowed (either in <filename>/etc/subuid</filename> or
through the configured NSS subid module).
command line arguments and the uids allowed. The subid delegation can come either from files
(<filename>/etc/subuid</filename>) or from the configured NSS subid module. Only one of them
can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>useradd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subuid</filename>.
</para>
<para>
Note that the root user is not exempted from the requirement for a valid
<filename>/etc/subuid</filename> entry.
</para>