File arpwatch-2.1a11-drop-privs-manpage.dif of Package arpwatch
diff -ruN ../arpwatch-2.1a15.orig/arpwatch.8 ./arpwatch.8
--- ../arpwatch-2.1a15.orig/arpwatch.8 2008-11-12 12:15:54.000000000 +0100
+++ ./arpwatch.8 2008-11-12 12:19:16.000000000 +0100
@@ -36,13 +36,16 @@
.I interface
]
.br
-.ti +8
+.ti +9
[
.B -n
.IR net [/ width
]] [
.B -r
.I file
+] [
+.B -u
+.I username
]
.ad
.SH DESCRIPTION
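Review bot: The `.ti +8` to `.ti +9` change at the top of this hunk is not explained and is not obviously part of adding `-u`. If the extra column is needed to keep the wrapped SYNOPSIS line aligned once `[ -u username ]` is appended, say so in the patch description; otherwise drop it so the hunk only adds the new option. The new `.B -u` / `.I username` lines follow the same pattern as the `-r file` entry above them, which is good.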
@@ -94,10 +97,26 @@
.B arpwatch
does not fork.
.LP
+If
+.B -u
+flag is used,
+.B arpwatch
+drops root privileges and changes user ID to
+.I username
+and group ID to that of the primary group of
+.IR username .
+This is recommended for security reasons.
+.LP
Note that an empty
.I arp.dat
file must be created before the first time you run
-.BR arpwatch .
+.BR arpwatch .
+Also, the default directory (where arp.dat is stored) must be owned
+by
+.I username
+if
+.BR -u
+flag is used.
.LP
.SH "REPORT MESSAGES"
Here's a quick list of the report messages generated by
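Review bot: The ownership requirement added at the end of this hunk names only the default directory, while the sentence just before it tells the reader to create an empty arp.dat by hand. If that file is created by root, the directory can be owned by username and the file still not be writable after the privilege drop, so the text should state that arp.dat itself must be owned (or at least writable) by username as well. The new paragraph after "does not fork." would also be more useful if it said what happens when username cannot be resolved and whether supplementary groups are cleared, since it only mentions the user ID and primary group ID. Smaller points: `.BR -u` is given a single argument, so `.B -u` as used earlier in the same hunk would be consistent; "If -u flag is used" and "if -u flag is used" should read "the -u flag"; and the removed and added `.BR arpwatch .` lines look identical here, which suggests a whitespace-only change that should be left out of the patch.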