Explain the `-U' and `-G' options.

diff --git a/doc/tripe.8 b/doc/tripe.8
index 59fad18..9697e0a 100644 (file)
--- a/doc/tripe.8
+++ b/doc/tripe.8
@@ -35,14 +35,14 @@ tripe \- a simple VPN daemon
 .SH "SYNOPSIS"
 .B tripe
 .RB [ \-D ]
-.RB [ \-p
-.IR port ]
-.RB [ \-T
-.IR trace-opts ]
 .RB [ \-d
 .IR dir ]
-.RB [ \-a
-.IR socket ]
+.RB [ \-p
+.IR port ]
+.RB [ \-U
+.IR user ]
+.RB [ \-G
+.IR group ]
 .br
        
 .RB [ \-k
@@ -51,6 +51,12 @@ tripe \- a simple VPN daemon
 .IR pub-keyring ]
 .RB [ \-t
 .IR key-tag ]
+.br
+       
+.RB [ \-a
+.IR socket ]
+.RB [ \-T
+.IR trace-opts ]
 .SH "DESCRIPTION"
 The
 .B tripe
@@ -116,7 +122,10 @@ Following this, the server enters its main loop, accepting admin
 connections and obeying any administrative commands, and communicating
 with peers.  It also treats its standard input and standard output
 streams as an admin connection, reading commands from standard input and
-writing responses and diagnostics messages to standard output.
+writing responses and diagnostics messages to standard output.  Finally,
+it will reload keys from its keyring files if it notices that they've
+changed (it checks inode number and modification time) \- there's no
+need to send a signal.
 .PP
 Much of this behaviour may be altered by giving
 .B tripe
@@ -158,6 +167,21 @@ if you don't want it to change directory at all.
 Use the specified UDP port for all communications with peers, rather
 than an arbitarary kernel-assigned port.
 .TP
+.BI "\-U, \-\-setuid=" user
+Set uid to that of
+.I user
+(either a user name or integer uid) after initialization.  Also set gid
+to
+.IR user 's
+primary group, unless overridden by a
+.B \-G
+option.
+.TP
+.BI "\-G, \-\-setgid=" group
+Set gid to that of
+.I group
+(either a group name or integer gid) after initialization.
+.TP
 .BI "\-k, \-\-priv\-keyring=" file
 Reads the private key from
 .I file