From 1aed71e514ccdb882b932b7ae54a3e80a10d20eb Mon Sep 17 00:00:00 2001 From: Sam Morris Date: Thu, 8 Mar 2018 15:47:40 +0000 Subject: setpriv: add example section --- sys-utils/setpriv.1 | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'sys-utils/setpriv.1') diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 61c3faf9b..b900f6e08 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 @@ -16,7 +16,7 @@ and .BR runuser (1), .BR setpriv (1) neither uses PAM, nor does it prompt for a password. -It is a simple, non-setuid wrapper around +It is a simple, non-set-user-ID wrapper around .BR execve (2), and can be used to drop privileges in the same way as .BR setuidgid (8) @@ -175,6 +175,20 @@ Be careful with this tool \-\- it may have unexpected security consequences. For example, setting no_new_privs and then execing a program that is SELinux\-confined (as this tool would do) may prevent the SELinux restrictions from taking effect. +.SH EXAMPLE +If you're looking for behaviour similar to +.BR su (1)/ runuser "(1), or " sudo (8) +(without the +.B -g +option), try something like: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-init\-groups" +.PP +If you want to mimic daemontools' +.BR setuid (8), +try: +.sp +.B " setpriv \-\-reuid=1000 \-\-regid=1000 \-\-clear\-groups" .SH SEE ALSO .BR runuser (1), .BR su (1), -- cgit v1.2.3-55-g7522
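Review bot: the one-line rewording in the first hunk (@@ -16,7 +16,7 @@), "non-setuid" to "non-set-user-ID", is unrelated to the subject "setpriv: add example section" and the commit message does not mention it. Either move it to its own commit or add a line to the message, so the terminology change can be found in history.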
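Review bot: in the new EXAMPLE section (second hunk, @@ -175,6 +175,20 @@), the daemontools reference is written ".BR setuid (8)," while the description context in the first hunk names the tool ".BR setuidgid (8)"; the added text should say setuidgid so the two references agree. Both example command lines also stop after the options with no program to execute, although the description calls setpriv a wrapper around execve(2), so a placeholder command at the end would make them usable as written. Minor style point: ".B -g" leaves the hyphen unescaped, whereas the option names in the added examples use "\-".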