[Opendnssec-develop] dropping privs

Jakob Schlyter jakob at kirei.se
Thu Aug 13 13:38:11 UTC 2009

until we have better support for dropping privs (as we would be using  
privsep), Jelte & I just agreed to:

1. write pid
2. chroot
3. drop privs
4. create any sockets

we can always try to unlink the pid-file upon exit(), but in case  
we're chrooted that will fail.


More information about the Opendnssec-develop mailing list