emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

man: clarify subid delegation

Browse Source 
Clarify that the subid delegation can only come from one source.
Moreover, add an example of what might happen if the subid source is NSS
and useradd is executed.

Related: https://github.com/shadow-maint/shadow/issues/331
This commit is contained in:
Iker Pedrosa 2021-05-24 12:14:43 +02:00
parent ec1951c181
commit d5b15f8633
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
man/newgidmap.1.xml
View File

@ -88,9 +88,15 @@
<title>DESCRIPTION</title> <title>DESCRIPTION</title>
<para> <para>
The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
command line arguments and the gids allowed (either in <filename>/etc/subgid</filename> or command line arguments and the gids allowed. The subid delegation can come either from files
through the configured NSS subid module). (<filename>/etc/subgid</filename>) or from the configured NSS subid module. Only one of them
Note that the root user is not exempted from the requirement for a valid can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>groupadd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subgid</filename>.
</para>
<para>
Note that the root group is not exempted from the requirement for a valid
<filename>/etc/subgid</filename> entry. <filename>/etc/subgid</filename> entry.
</para> </para>

10
man/newuidmap.1.xml
View File

@ -88,8 +88,14 @@
<title>DESCRIPTION</title> <title>DESCRIPTION</title>
<para> <para>
The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
command line arguments and the uids allowed (either in <filename>/etc/subuid</filename> or command line arguments and the uids allowed. The subid delegation can come either from files
through the configured NSS subid module). (<filename>/etc/subuid</filename>) or from the configured NSS subid module. Only one of them
can be chosen at a time. So, for example, if the subid source is configured as NSS and
<command>useradd</command> is executed, then the command will fail and the entry will not be
created in <filename>/etc/subuid</filename>.
</para>
<para>
Note that the root user is not exempted from the requirement for a valid Note that the root user is not exempted from the requirement for a valid
<filename>/etc/subuid</filename> entry. <filename>/etc/subuid</filename> entry.
</para> </para>