From ddcdcc894f4f972ad1f4d5acf1c3ee91d821a1b9 Mon Sep 17 00:00:00 2001
From: cperciva <cperciva@FreeBSD.org>
Date: Sat, 17 Jul 2004 15:21:34 +0000
Subject: Document the SUSER_RUID flag.

Reminded by:	pjd
---
 share/man/man9/suser.9 | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'share')

diff --git a/share/man/man9/suser.9 b/share/man/man9/suser.9
index cb4dd6b..c8be714 100644
--- a/share/man/man9/suser.9
+++ b/share/man/man9/suser.9
@@ -62,8 +62,9 @@ circumstances dictate otherwise.
 The
 .Fn suser_cred
 function should be used when the credentials to be checked are
-not the thread's own, when there is no thread, or when superuser
-powers should be extended to imprisoned roots.
+not the thread's own, when there is no thread, when superuser
+powers should be extended to imprisoned roots, or when the credential
+to be checked is the real user rather than the effective user.
 .Pp
 By default, a process does not command superuser powers if it has
 been imprisoned by the
@@ -85,6 +86,17 @@ implicit in the
 .Xr jail 2
 call should such powers be granted.
 .Pp
+By default, the credential checked is the effective user.  There are cases 
+where it is instead necessary to check the real user (for example, when 
+determining if resource limits should be applied), and this can be done
+by passing the
+.Dv SUSER_RUID
+flag in the
+.Fa flag
+argument to the
+.Fn suser_cred
+function.
+.Pp
 The
 .Fn suser
 and
-- 
cgit v1.1