1c6a1b
--- arpwatch.8.orig	Sun Oct  8 23:31:28 2000
1c6a1b
+++ arpwatch.8	Mon Oct 16 16:46:19 2000
1c6a1b
@@ -36,13 +36,16 @@
1c6a1b
 .I interface
1c6a1b
 ]
1c6a1b
 .br
1c6a1b
-.ti +8
1c6a1b
+.ti +9
1c6a1b
 [
1c6a1b
 .B -n
1c6a1b
 .IR net [/ width
1c6a1b
 ]] [
1c6a1b
 .B -r
1c6a1b
 .I file
1c6a1b
+] [
1c6a1b
+.B -u
1c6a1b
+.I username
1c6a1b
 ]
1c6a1b
 .ad
1c6a1b
 .SH DESCRIPTION
1c6a1b
@@ -94,10 +97,26 @@
1c6a1b
 .B arpwatch
1c6a1b
 does not fork.
1c6a1b
 .LP
1c6a1b
+If 
1c6a1b
+.B -u 
1c6a1b
+flag is used, 
1c6a1b
+.B arpwatch
1c6a1b
+drops root privileges and changes user ID to
1c6a1b
+.I username
1c6a1b
+and group ID to that of the primary group of 
1c6a1b
+.IR username .
1c6a1b
+This is recommended for security reasons.
1c6a1b
+.LP
1c6a1b
 Note that an empty
1c6a1b
 .I arp.dat
1c6a1b
 file must be created before the first time you run
1c6a1b
-.BR arpwatch .
1c6a1b
+.BR arpwatch . 
1c6a1b
+Also, the default directory (where arp.dat is stored) must be owned
1c6a1b
+by 
1c6a1b
+.I username
1c6a1b
+if 
1c6a1b
+.BR -u
1c6a1b
+flag is used.
1c6a1b
 .LP
1c6a1b
 .SH "REPORT MESSAGES"
1c6a1b
 Here's a quick list of the report messages generated by