On 18/05/21 11:58 am, Paul Wise wrote:
On Mon, May 17, 2021 at 12:51 PM Khoa Tran Minh wrote:
A related question: The binary itself can drop privilege and run as
non-root, then should I use that native feature or use systemd User= when
writing a default config/unit ?
I would suggest to use systemd features for this.
Does that not depend on whether it does anything before dropping
privileges? For example, a webserver can bind to low ports before
dropping privilege. I imagine if the systemd service unit specified
running as (eg) www-data, that wouldn't work.
Cheers,
Richard
