File arpwatch-2.1a11-drop-privs-manpage.dif of Package arpwatch.18007
diff -ruN ../arpwatch-2.1a15.orig/arpwatch.8 ./arpwatch.8 --- ../arpwatch-2.1a15.orig/arpwatch.8 2008-11-12 12:15:54.000000000 +0100 +++ ./arpwatch.8 2008-11-12 12:19:16.000000000 +0100 @@ -36,13 +36,16 @@ .I interface ] .br -.ti +8 +.ti +9 [ .B -n .IR net [/ width ]] [ .B -r .I file +] [ +.B -u +.I username ] .ad .SH DESCRIPTION @@ -94,10 +97,26 @@ .B arpwatch does not fork. .LP +If +.B -u +flag is used, +.B arpwatch +drops root privileges and changes user ID to +.I username +and group ID to that of the primary group of +.IR username . +This is recommended for security reasons. +.LP Note that an empty .I arp.dat file must be created before the first time you run -.BR arpwatch . +.BR arpwatch . +Also, the default directory (where arp.dat is stored) must be owned +by +.I username +if +.BR -u +flag is used. .LP .SH "REPORT MESSAGES" Here's a quick list of the report messages generated by




