until we have better support for dropping privs (as we would be using privsep), Jelte & I just agreed to: 1. write pid 2. chroot 3. drop privs 4. create any sockets we can always try to unlink the pid-file upon exit(), but in case we're chrooted that will fail. jakob