> > of by the daemon? If so, why isn't that the choice? If not,
> > why not?
> >
> The daemon needs to start as uid/gid 0, because it needs to create/bind a
> sysevent channel during initialization. After doing this, it reduces
> its privilege set to the minimal set noted above and changes its uid/gid
> to user noaccess (60002).

As commented at today's PSARC meeting, uid 0 and all privs are (unfortunately) required by the underlying channel initialization infrastructure.

+1

Gary..