Re: Question about writing systemd unit for old package

To: debian-mentors@lists.debian.org
Subject: Re: Question about writing systemd unit for old package
From: Paul Wise <pabs@debian.org>
Date: Thu, 20 May 2021 01:35:37 +0000
Message-id: <[🔎] CAKTje6HtmJfY6o-OmwZ-TTu-aY7O0W5zzeP6-BRw7h0LrVqdow@mail.gmail.com>
In-reply-to: <[🔎] 7fd0210f-8107-a4d6-cba1-278e08f39edc@walnut.gen.nz>
References: <[🔎] YKJiqjF2HTbYGL70@rue.localhost> <[🔎] CAKTje6E4rx07CpNZ2_UMDz0S84WNuOCaTzg+whaegj88UPuVBQ@mail.gmail.com> <[🔎] 7fd0210f-8107-a4d6-cba1-278e08f39edc@walnut.gen.nz>

On Wed, May 19, 2021 at 8:51 AM Richard Hector wrote:

> Does that not depend on whether it does anything before dropping
> privileges? For example, a webserver can bind to low ports before
> dropping privilege. I imagine if the systemd service unit specified
> running as (eg) www-data, that wouldn't work.

I don't know the details, but I think systemd can open the ports and
transparently pass them to the unprivileged process when it is spawned
without any data loss, in a similar way to the inetd stuff used to
work.

http://0pointer.de/blog/projects/inetd.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Question about writing systemd unit for old package
  - From: Alec Leamas <leamas.alec@gmail.com>

References:
- Question about writing systemd unit for old package
  - From: Khoa Tran Minh <ktm8@posteo.de>
- Re: Question about writing systemd unit for old package
  - From: Paul Wise <pabs@debian.org>
- Re: Question about writing systemd unit for old package
  - From: Richard Hector <richard@walnut.gen.nz>

Prev by Date: Re: Question about writing systemd unit for old package
Next by Date: Re: Question about writing systemd unit for old package
Previous by thread: Re: Question about writing systemd unit for old package
Next by thread: Re: Question about writing systemd unit for old package
Index(es):
- Date
- Thread