-There is no authentication and authorization, so B<you> will have to take care
-that only authorized clients can talk to the daemon. Since we assume that graph
-collection is done on a dedicated machine, i.E<nbsp>e. the box doesn't do
-anything else and especially does not have any interactive logins other than
-root, a UNIX domain socket should take care of that.
+Control sockets are divided into high-privilege (B<-l>) and low-privilege
+(B<-L>) sockets. High-privilege sockets accept all commands, whereas
+low-privilege sockets accept only B<FLUSH>, B<STATS>, and B<HELP>.
+
+For a multi-user environment where only certain users require read/write
+access, the recommended configuration uses two sockets as follows:
+
+=over
+
+=item B<-l> I</protected/dir/rrd.sock>
+
+Create a high-privilege unix-domain socket. This should be protected with
+the same Unix permissions that are used to protect the RRD files. Updates
+should be directed to this socket.
+
+=item B<-L> I<127.0.0.1>
+
+Create a low-privilege TCP socket listening on localhost. All users on
+the local system may use this to trigger FLUSH of individual files. Users
+with read-only access should be directed to this socket.
+
+=back