I'd like to add to the conversation that this thread was started because of the argue here[1] (russian).
The main point of the argue was dropping privileges from root to some user after the program performed all the needed actions (f.e. when it started listening port < 1024). We've found an example in commons-daemon code[2] how to drop privileges in MS Windows systems. It seems a new Access Token is created for some unprivileged user, and then spawns a new process with this token. I suppose it makes some sense to say about it here: it would be very useful to have a possibility to drop privileges to some user. Please consider it as a user request. [1] https://www.opennet.ru/opennews/art.shtml?num=47170#29 [2] https://github.com/apache/commons-daemon/blob/6702852984689bc6507690113949b478dba157ef/src/native/windows/src/rprocess.c#L481 bruno ais <brunoa...@gmail.com> writes: > Any idea how it can be done on Windows? > Or better yet; is there a cross-platform thing or equivalence of that > feature? > If not, then that can easily be the reason. > > On Mon, Sep 11, 2017 at 9:29 AM, DoWhile ForEach <dowhilefore...@gmail.com> > wrote: > >> Hello. >> >> Please explain someone why the Java API has not yet implemented a method >> that allows you to set the effective user ID of the Java process. >> >> To accomplish this simple task, you have to make some workarounds. >> A striking example of such workarounds is jsvc tool from the Apache >> commons-daemon project for Tomcat server: >> https://github.com/apache/commons-daemon/blob/6702852984689b >> c6507690113949b478dba157ef/src/native/unix/native/jsvc-unix.c#L163 >>
