Update readme with usage example

ncopa · Oct 14, 2017 · dddd156 · dddd156
1 parent 1277bbe
commit dddd156
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1,10 +1,33 @@
 # su-exec
 switch user and group id, setgroups and exec
 
+## Purpose
+
 This is a simple tool that will simply execute a program with different
-privileges. The program will not run as a child, like su and sudo, so we
-work around TTY and signal issues.
+privileges. The program will be exceuted directly and not run as a child,
+like su and sudo does, which avoids TTY and signal issues (see below).
+
+Notice that su-exec depends on being run by the root user, non-root
+users do not have permission to change uid/gid.
+
+## Usage
+
+```shell
+su-exec user-spec command [ arguments... ]
+```
+
+`user-spec` is either a user name (e.g. `nobody`) or user name and group
+name separated with colon (e.g. `nobody:ftp`). Numeric uid/gid values
+can be used instead of names. Example:
+
+```shell
+$ su-exec apache:1000 /usr/sbin/httpd -f /opt/www/httpd.conf
+```
+
+## TTY & parent/child handling
 
+Notice how `su` will make `ps` be a child of a shell while `su-exec`
+just executes `ps` directly.
 
 ```shell
 $ docker run -it --rm alpine:edge su postgres -c 'ps aux'