File arpwatch-2.1a11-drop-privs-manpage.dif of Package arpwatch
@@ -36,13 +36,16 @@ arpwatch - keep track of ethernet/ip add
.IR net [/ width
@@ -94,10 +97,26 @@ of reading from the network. In this cas
does not fork.
+flag is used,
+drops root privileges and changes user ID to
+and group ID to that of the primary group of
+.IR username .
+This is recommended for security reasons.
Note that an empty
file must be created before the first time you run
-.BR arpwatch .
+.BR arpwatch .
+Also, the default directory (where arp.dat is stored) must be owned
+flag is used.
.SH "REPORT MESSAGES"
Here's a quick list of the report messages generated by