man: clarify subid delegation behaviour

Following the discussion https://github.com/shadow-maint/shadow/pull/345
I have changed the documentation to clarify the behaviour of subid
delegation when any subid source except files is configured.
This commit is contained in:
Iker Pedrosa 2021-06-07 11:50:56 +02:00
parent a6154b8572
commit 68ebbf9360
2 changed files with 10 additions and 12 deletions

View File

@ -87,12 +87,11 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
command line arguments and the gids allowed. The subid delegation can come either from files
(<filename>/etc/subgid</filename>) or from the configured NSS subid module. Only one of them
can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>groupadd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subgid</filename>.
The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename>
based on its command line arguments and the gids allowed. Subgid
delegation can either be managed via <filename>/etc/subgid</filename>
or through the configured NSS subid module. These options are mutually
exclusive.
</para>
<para>

View File

@ -87,12 +87,11 @@
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
command line arguments and the uids allowed. The subid delegation can come either from files
(<filename>/etc/subuid</filename>) or from the configured NSS subid module. Only one of them
can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>useradd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subuid</filename>.
The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename>
based on its command line arguments and the uids allowed. Subuid
delegation can either be managed via <filename>/etc/subuid</filename> or
through the configured NSS subid module. These options are mutually
exclusive.
</para>
<para>