From: Sam Morris Date: Thu, 8 Mar 2018 15:47:40 +0000 (+0000) Subject: setpriv: add example section X-Git-Tag: v2.32~36^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1aed71e514ccdb882b932b7ae54a3e80a10d20eb;p=thirdparty%2Futil-linux.git setpriv: add example section --- diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 61c3faf9bd..b900f6e082 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 @@ -16,7 +16,7 @@ and .BR runuser (1), .BR setpriv (1) neither uses PAM, nor does it prompt for a password. -It is a simple, non-setuid wrapper around +It is a simple, non-set-user-ID wrapper around .BR execve (2), and can be used to drop privileges in the same way as .BR setuidgid (8) @@ -175,6 +175,20 @@ Be careful with this tool \-\- it may have unexpected security consequences. For example, setting no_new_privs and then execing a program that is SELinux\-confined (as this tool would do) may prevent the SELinux restrictions from taking effect. +.SH EXAMPLE +If you're looking for behaviour similar to +.BR su (1)/ runuser "(1), or " sudo (8) +(without the +.B -g +option), try something like: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-init\-groups" +.PP +If you want to mimic daemontools' +.BR setuid (8), +try: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-clear\-groups" .SH SEE ALSO .BR runuser (1), .BR su (1),
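Review bot: the first hunk's change from "non-setuid" to "non-set-user-ID" is a terminology fix that the subject line "setpriv: add example section" does not cover. Either mention it in the commit message or split it into its own commit, so the wording change can be found in history.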
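Review bot: in the new EXAMPLE section, the second example cites daemontools' `.BR setuid (8),` while the unchanged context in the first hunk refers to the same tool as `.BR setuidgid (8)`. Use setuidgid here so the two references agree. Two smaller points in the same hunk: `.B -g` leaves the hyphen unescaped while the option strings below it use `\-\-`, so write `.B \-g`. Both example command lines also stop after the options, although the page describes setpriv as a wrapper around execve(2). Appending a placeholder program argument would show the reader where the command to run goes.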