From ca3347cc2b7e567357daddc0ec0558d3bbbd9bef Mon Sep 17 00:00:00 2001
From: Albert Esteve <aesteve@redhat.com>
Date: Mon, 4 Aug 2025 15:37:32 +0200
Subject: [PATCH] doc(podman-system.unit.5.md): clarify user/group

Clarify User= and Group= quadlet options
when used simultaneously.

Signed-off-by: Albert Esteve <aesteve@redhat.com>
---
 docs/source/markdown/podman-systemd.unit.5.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md
index 65ed5446f8..25bd975bef 100644
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@@ -554,6 +554,9 @@ This key can be listed multiple times.
 The (numeric) GID to run as inside the container. This does not need to match the GID on the host,
 which can be modified with `UserNS`, but if that is not specified, this GID is also used on the host.
 
+Note: when both `User=` and `Group=` are specified, they are combined into a single `--user USER:GROUP`
+argument passed to Podman. Using `Group=` without `User=` will result in an error.
+
 ### `GroupAdd=`
 
 Assign additional groups to the primary user running within the container process. Also supports the `keep-groups` special flag.
@@ -968,6 +971,9 @@ The default paths that are read-only are /proc/asound, /proc/bus, /proc/fs, /pro
 The (numeric) UID to run as inside the container. This does not need to match the UID on the host,
 which can be modified with `UserNS`, but if that is not specified, this UID is also used on the host.
 
+Note: when both `User=` and `Group=` are specified, they are combined into a single `--user USER:GROUP`
+argument passed to Podman.
+
 ### `UserNS=`
 
 Set the user namespace mode for the container. This is equivalent to the Podman `--userns` option and