author Sam Morris 2018-03-08 16:47:40 +0100
committer Sam Morris 2018-03-08 17:31:59 +0100
commit 1aed71e514ccdb882b932b7ae54a3e80a10d20eb
tree cd92128b6341e83529d2122fae7b80f8022c2ccb /sys-utils/setpriv.1
parent setpriv: include --init-groups in the list of options that can be specified w...
setpriv: add example section
Diffstat (limited to 'sys-utils/setpriv.1')
-rw-r--r-- sys-utils/setpriv.1 16
1 files changed, 15 insertions, 1 deletions
diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1
index 61c3faf9b..b900f6e08 100644
--- a/sys-utils/setpriv.1
+++ b/sys-utils/setpriv.1
@@ -16,7 +16,7 @@ and
.BR runuser (1),
.BR setpriv (1)
neither uses PAM, nor does it prompt for a password.
-It is a simple, non-setuid wrapper around
+It is a simple, non-set-user-ID wrapper around
.BR execve (2),
and can be used to drop privileges in the same way as
.BR setuidgid (8)
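Review bot: The terminology change at "non-set-user-ID wrapper" is not covered by the commit subject "setpriv: add example section". Either mention the wording fix in the commit message or move it to its own commit, so that someone searching the history for the setuid wording can find it.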
@@ -175,6 +175,20 @@ Be careful with this tool \-\- it may have unexpected security consequences.
For example, setting no_new_privs and then execing a program that is
SELinux\-confined (as this tool would do) may prevent the SELinux
restrictions from taking effect.
+.SH EXAMPLE
+If you're looking for behaviour similar to
+.BR su (1)/ runuser "(1), or " sudo (8)
+(without the
+.B -g
+option), try something like:
+.sp
+.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-init\-groups"
+.PP
+If you want to mimic daemontools'
+.BR setuid (8),
+try:
+.sp
+.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-clear\-groups"
.SH SEE ALSO
.BR runuser (1),
.BR su (1),
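Review bot: The second example cites daemontools' `.BR setuid (8)`, but the description earlier in this file names the daemontools tool as `.BR setuidgid (8)`; the new reference should read setuidgid(8) to match. In the first example, `.B -g` uses an unescaped hyphen while every other option in this hunk is written with `\-`, so `.B \-g` would be consistent. Both sample command lines also end after the options; since the page describes setpriv as a wrapper around execve(2), showing a placeholder for the program to run, and noting that 1000 stands in for the target UID/GID, would make the examples directly usable.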