44 lines
937 B
Groff
44 lines
937 B
Groff
Add -u flag, to drop privileges to that user given
|
|
|
|
Index: arpwatch.8
|
|
--- arpwatch.8.orig
|
|
+++ arpwatch.8
|
|
@@ -43,6 +43,9 @@ arpwatch - keep track of ethernet/ip address pairings
|
|
]] [
|
|
.B -r
|
|
.I file
|
|
+] [
|
|
+.B -u
|
|
+.I username
|
|
]
|
|
.ad
|
|
.SH DESCRIPTION
|
|
@@ -94,6 +97,18 @@ of reading from the network. In this case,
|
|
.B arpwatch
|
|
does not fork.
|
|
.LP
|
|
+The
|
|
+.B -u
|
|
+flag instructs
|
|
+.B arpwatch
|
|
+to drop root privileges and change the UID to
|
|
+.I username
|
|
+and GID to the primary group of
|
|
+.I username .
|
|
+This is recommended for security reasons, but
|
|
+.I username
|
|
+has to have write access to the default directory.
|
|
+.LP
|
|
Note that an empty
|
|
.I arp.dat
|
|
file must be created before the first time you run
|
|
@@ -152,7 +167,7 @@ addresses was a DECnet address.
|
|
.na
|
|
.nh
|
|
.nf
|
|
-/usr/operator/arpwatch - default directory
|
|
+${VARBASE}/arpwatch - default directory
|
|
arp.dat - ethernet/ip address database
|
|
ethercodes.dat - vendor ethernet block list
|
|
.ad
|