README.md: add instructions to run under unprivileged user

README.md

@@ -8,9 +8,6 @@ ffmap-backend gathers information on the batman network by invoking :
  * alfred-json and
  * batadv-vis
 
-In order to use alfred-json and batadv-vis make sure the user running this
-backend is allowed to access alfred's socket.
-
 The output will be written to a directory (`-d output`).
 
 Run `backend.py --help` for a quick overview of all available options.
@@ -21,6 +18,32 @@ For the script's regular execution add the following to the crontab:
 * * * * * backend.py -d /path/to/output -a /path/to/aliases.json --vpn ae:7f:58:7d:6c:2a d2:d0:93:63:f7:da
 </pre>
 
+# Running as unprivileged user
+
+Some information collected by ffmap-backend requires access to specific system resources.
+
+Make sure the user you are running this under is part of the group that owns the alfred socket, so
+alfred-json can access the alfred daemon.
+
+    # ls -al /var/run/alfred.sock
+    srw-rw---- 1 root alfred 0 Mar 19 22:00 /var/run/alfred.sock=
+    # adduser map alfred
+    Adding user `map' to group `alfred' ...
+    Adding user map to group alfred
+    Done.
+    $ groups
+    map alfred
+
+Running batctl requires passwordless sudo access, because it needs to access the debugfs to retrive
+the gateway list.
+
+    # echo 'map ALL = NOPASSWD: /usr/sbin/batctl' | tee /etc/sudoers.d/map
+    map ALL = NOPASSWD: /usr/sbin/batctl
+    # chmod 0440 /etc/sudoers.d/map
+
+That should be everything. The script automatically detects if it is run in unprivileged mode and
+will prefix `sudo` where necessary.
+
 # Data format
 
 ## nodes.json