On 18/05/21 11:58 am, Paul Wise wrote:
On Mon, May 17, 2021 at 12:51 PM Khoa Tran Minh wrote:
A related question: The binary itself can drop privilege and run as non-root, then should I use that native feature or use systemd User= when writing a default config/unit ?I would suggest to use systemd features for this.
Does that not depend on whether it does anything before dropping privileges? For example, a webserver can bind to low ports before dropping privilege. I imagine if the systemd service unit specified running as (eg) www-data, that wouldn't work.
Cheers, Richard