From 68ebbf936038e4e4c8b5105bd3246ef9709b6354 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 7 Jun 2021 11:50:56 +0200
Subject: [PATCH] man: clarify subid delegation behaviour

Following the discussion https://github.com/shadow-maint/shadow/pull/345
I have changed the documentation to clarify the behaviour of subid
delegation when any subid source except files is configured.
---
 man/newgidmap.1.xml | 11 +++++------
 man/newuidmap.1.xml | 11 +++++------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/man/newgidmap.1.xml b/man/newgidmap.1.xml
index 7aaf34bf..681aefcb 100644
--- a/man/newgidmap.1.xml
+++ b/man/newgidmap.1.xml
@@ -87,12 +87,11 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
-      command line arguments and the gids allowed. The subid delegation can come either from files
-      (<filename>/etc/subgid</filename>) or from the configured NSS subid module. Only one of them
-      can be chosen at a time. So, for example, if the subid source is configured as NSS and
-      <command>groupadd</command> is executed, then the command will fail and the entry will not be
-      created in <filename>/etc/subgid</filename>.
+      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename>
+      based on its command line arguments and the gids allowed. Subgid
+      delegation can either be managed via <filename>/etc/subgid</filename>
+      or through the configured NSS subid module. These options are mutually
+      exclusive.
     </para>
 
     <para>
diff --git a/man/newuidmap.1.xml b/man/newuidmap.1.xml
index 4bc1ef7a..09e65d80 100644
--- a/man/newuidmap.1.xml
+++ b/man/newuidmap.1.xml
@@ -87,12 +87,11 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
-      command line arguments and the uids allowed. The subid delegation can come either from files
-      (<filename>/etc/subuid</filename>) or from the configured NSS subid module. Only one of them
-      can be chosen at a time. So, for example, if the subid source is configured as NSS and
-      <command>useradd</command> is executed, then the command will fail and the entry will not be
-      created in <filename>/etc/subuid</filename>.
+      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename>
+      based on its command line arguments and the uids allowed. Subuid
+      delegation can either be managed via <filename>/etc/subuid</filename> or
+      through the configured NSS subid module. These options are mutually
+      exclusive.
     </para>
 
     <para>