Relevant BUGIDs: 404953

Purpose of commit: bugfix

Commit summary:
---------------
The syntax "<domain> -" was not recognized.

1 files changed, 16 insertions, 7 deletions

diff --git a/doc/modules/pam_limits.sgml b/doc/modules/pam_limits.sgml
index 00ff532e..52b8771f 100644
--- a/doc/modules/pam_limits.sgml
+++ b/doc/modules/pam_limits.sgml
@@ -109,7 +109,7 @@ The fields listed above should be filled as follows...<newline>
 </itemize>
 
 <p>
-<tt>&lt;type&gt;</tt> can have the two values:
+<tt>&lt;type&gt;</tt> can have the three values:
 <itemize>
 
 <item> <tt/hard/ for enforcing <em/hard/ resource limits. These limits
@@ -122,6 +122,9 @@ by any pre-exisiting <em/hard/ limits. The values specified with this
 token can be thought of as <em/default/ values, for normal system
 usage.
 
+<item> <tt/-/ for enforcing both <em/soft/ and <em/hard/ limits
+together.
+
 </itemize>
 
 <p>
@@ -142,12 +145,18 @@ usage.
 </itemize>
 
 <p>
-To completely disable limits for a user (or a group), a single dash
-(-) will do (Example: ``<tt/bin -/'', ``<tt/@admin -/''). Please
-remember that individual limits have priority over group limits, so if
-you impose no limits for <tt/admin/ group, but one of the members in this
-group have a limits line, the user will have its limits set according
-to this line.
+Note, if you specify a type of ``-'' but neglect to supply the
+<tt/item/ and <tt/value/ fields then the module will never enforce any
+limits on the corresponding user/group-members etc. . Note, the first
+entry of the form which applies to the authenticating user will
+override all other entries in the limits configuration file. In such
+cases, the <tt/pam_limits/ module will always return <tt/PAM_SUCCESS/.
+
+<p>
+In general, individual limits have priority over group limits, so if
+you impose no limits for <tt/admin/ group, but one of the members in
+this group have a limits line, the user will have its limits set
+according to this line.
 
 <p>
 Also, please note that all limit settings are set <em/per login/.