Diffstat (limited to 'sys-utils/setpriv.1')
-rw-r--r-- | sys-utils/setpriv.1 | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 61c3faf9b..b900f6e08 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 @@ -16,7 +16,7 @@ and .BR runuser (1), .BR setpriv (1) neither uses PAM, nor does it prompt for a password. -It is a simple, non-setuid wrapper around +It is a simple, non-set-user-ID wrapper around .BR execve (2), and can be used to drop privileges in the same way as .BR setuidgid (8) @@ -175,6 +175,20 @@ Be careful with this tool \-\- it may have unexpected security consequences. For example, setting no_new_privs and then execing a program that is SELinux\-confined (as this tool would do) may prevent the SELinux restrictions from taking effect. +.SH EXAMPLE +If you're looking for behaviour similar to +.BR su (1)/ runuser "(1), or " sudo (8) +(without the +.B -g +option), try something like: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-init\-groups" +.PP +If you want to mimic daemontools' +.BR setuid (8), +try: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-clear\-groups" .SH SEE ALSO .BR runuser (1), .BR su (1), |
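Review bot: In the second hunk (the new EXAMPLE section), the daemontools reference is written as `.BR setuid (8),` while the unchanged context in the first hunk names the same tool as `.BR setuidgid (8)`; the example should use `setuidgid` so the page is consistent with itself. Two smaller points in the same hunk: `.B -g` uses a bare hyphen where every other option in the added lines is escaped as `\-`, so `.B \-g` would match; and both example command lines stop after the options, although the page describes setpriv as a wrapper around execve(2), so showing a placeholder program argument after the options would make the examples usable as written. The hard-coded `1000` could also be introduced as an example UID/GID so readers do not copy it verbatim.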