diff --git a/README.md b/README.md index 4fb1d7b..c36abe7 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ There are two [entry points](https://en.wikipedia.org/wiki/Entry_point) for the - a user running the `forgehook` script to manage their subscriptions/secrets -- an endpoint running `forgehook-notify` (TODO: rename forgehook-run to forgehook-notify) to announce a legitimate update was received for a remote +- an endpoint running `forgehook-notify` to announce a legitimate update was received for a remote `forgehook-notify` takes the URL of the updated repository as argument, checks for current user subscription, and runs the trigger backend `/usr/local/bin/forgehook-trigger-backend` as each user currently subscribed. The forgehook CLI interface is further described [here](docs/cli.md). @@ -160,3 +160,7 @@ The provided reference implementation for a forgehook database is a flat-file da # Security TODO: Explain sudo tricks and suggest everyone should read the code in its entirely because it's brief + +# FAQ + +See [docs/faq.md](docs/faq.md) diff --git a/bin/forgehook-run b/bin/forgehook-notify similarity index 88% rename from bin/forgehook-run rename to bin/forgehook-notify index ee5db1c..f43d052 100644 --- a/bin/forgehook-run +++ b/bin/forgehook-notify @@ -5,7 +5,7 @@ if [[ $EUID != 0 ]]; then # Let's not forget to define the db while we have forgehook $USER # TODO: replace with ~/database db=$HOME/webhooks - sudo forgehook-run $@ + sudo forgehook-notify $@ exit $? fi @@ -16,7 +16,7 @@ fi # We only take one argument! if [[ $# != 1 ]]; then - echo "FATAL ERROR: forgehook-run can't deal with $# argument(s) (BUG)" + echo "FATAL ERROR: forgehook-notify can't deal with $# argument(s) (BUG)" [[ $# != 0 ]] && echo "Found arguments: "$@"" exit 1 fi diff --git a/setup.sh b/setup.sh index 960f39b..ab7a171 100755 --- a/setup.sh +++ b/setup.sh 
@@ -52,9 +52,9 @@ sudo chown "$owner:$owner" $DEST/forgehook-backend sudo chmod 744 $DEST/forgehook-backend # Only root should execute -sudo cp bin/forgehook-run $DEST -sudo chown "$owner:$owner" $DEST/forgehook-run -sudo chmod 744 $DEST/forgehook-run +sudo cp bin/forgehook-notify $DEST/forgehook-notify +sudo chown "$owner:$owner" $DEST/forgehook-notify +sudo chmod 744 $DEST/forgehook-notify # Everyone can execute (wrapper script for build manager such as git-build) sudo cp $TRIGGER $DEST/forgehook-trigger @@ -70,9 +70,12 @@ if ! sudo grep "forgehook-backend" /etc/sudoers > /dev/null; then # Need to open a dedicated shell through sudo or we don't have permissions sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-backend >> /etc/sudoers" fi -if ! sudo grep "forgehook-run" /etc/sudoers > /dev/null; then +if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then SUDO_SETUP=1 - sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-run >> /etc/sudoers" + # TODO: permission for forgehook-notify should belong to group, not user so we can give + # permission to run notifications without having access to database for 3rd party tools + # if you need a tool that has access to db please run it as forgehook user! + sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-notify >> /etc/sudoers" fi [[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for forgehook"
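Review bot: the Security section of README.md (hunk at -160,3) is still a one-line TODO while an FAQ link is added directly under it. Since setup.sh installs NOPASSWD sudoers rules for forgehook-backend and forgehook-notify, that section should say which user may run which command as whom. The context line also has a typo: "in its entirely" should read "in its entirety".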
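Review bot: in bin/forgehook-notify (hunk at -5,7) the re-exec line `sudo forgehook-notify $@` passes `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded before it reaches the copy running as root, which then applies its `$# != 1` check to the altered list. Use `"$@"` here. Calling the absolute path /usr/local/bin/forgehook-notify would also make the command match the sudoers entry directly instead of depending on PATH lookup.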
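Review bot: in the argument-count check of bin/forgehook-notify (hunk at -16,7), the context line `echo "Found arguments: "$@""` closes the double quote before `$@`, so the arguments are expanded unquoted in a script that is running as root by this point. Write `echo "Found arguments: $*"` instead, and send both messages to stderr with `>&2`, since they report a fatal error.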
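Review bot: in setup.sh (hunk at -52,9) the comment says "Only root should execute", but the three new lines leave forgehook-notify owned by `$owner` with mode 744, and the sudoers line later in this patch lets `$owner` run /usr/local/bin/forgehook-notify as root without a password. If `$DEST` is /usr/local/bin, as that sudoers path suggests, `$owner` can edit the script and then run the edited copy as root. Install the file as root:root with mode 755 so only root can change it, and quote `$DEST` in these commands.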
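Review bot: in setup.sh (hunk at -70,9) the guard now greps /etc/sudoers for "forgehook-notify" only, so on a host that already ran the previous setup the old `forgehook-run` rule stays in /etc/sudoers, and nothing in this patch removes the old `$DEST/forgehook-run` file either. Remove the old rule and the old binary as part of the rename. Appending with `echo ... >> /etc/sudoers` also skips syntax validation. Writing the rule to its own file under /etc/sudoers.d (where the host's sudoers includes that directory) and checking it with `visudo -cf` before installing avoids leaving a broken sudoers file. The new TODO about granting the rule to a group rather than a user would be easier to track as an issue than as a comment in the installer.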