
Re: Question about writing systemd unit for old package



On 20/05/21 1:59 pm, Alec Leamas wrote:
> Hi,
>
> On 20/05/2021 03:35, Paul Wise wrote:
>> On Wed, May 19, 2021 at 8:51 AM Richard Hector wrote:
>>
>>> Does that not depend on whether it does anything before dropping
>>> privileges? For example, a webserver can bind to low ports before
>>> dropping privilege. I imagine if the systemd service unit specified
>>> running as (eg) www-data, that wouldn't work.
>>
>> I don't know the details, but I think systemd can open the ports and
>> transparently pass them to the unprivileged process when it is spawned
>> without any data loss, in a similar way to the inetd stuff used to
>> work.
>
> http://0pointer.de/blog/projects/socket-activation.html

I confess I haven't read all that, and don't know the details of socket activation. But I think the service in question needs to be aware of it, doesn't it? It doesn't apply to wrapping a systemd service unit around an existing server. The nginx unit, for example, doesn't set a user, but a user is set in the nginx config file so it can drop privs.

I'm happy to be corrected :-)

Richard
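
What the service side of socket activation looks like, as an added example that is not part of the thread: the daemon checks `LISTEN_PID` and `LISTEN_FDS` and adopts descriptor 3 instead of binding the port itself. The function names, the `start` parameter and port 8080 are assumptions for illustration; a matching `.socket` unit with `ListenStream=` is assumed to exist.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited descriptor, per sd_listen_fds(3)


def listen_fds(environ=None, pid=None, start=SD_LISTEN_FDS_START):
    """Return the descriptors systemd handed to this process, or []."""
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        # LISTEN_PID stops a child from adopting descriptors that were
        # announced to its parent through an inherited environment.
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    return list(range(start, start + max(count, 0)))


def get_listener(port, environ=None, pid=None, start=SD_LISTEN_FDS_START):
    """Adopt a socket bound by systemd, else bind one ourselves."""
    fds = listen_fds(environ, pid, start)
    if fds:
        # Already bound and listening; no privilege is needed here, so
        # the unit can set User= and the daemon never runs as root.
        return socket.socket(fileno=fds[0]), "inherited"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # A port below 1024 needs root or CAP_NET_BIND_SERVICE at this point.
    sock.bind(("127.0.0.1", port))
    sock.listen(16)
    return sock, "self-bound"


if __name__ == "__main__":
    # Port 8080 is a constructed value for a stand-alone run.
    listener, how = get_listener(8080)
    print(how, listener.getsockname())
    listener.close()
```

A server without the inherited-descriptor branch always takes the self-bound path, which is why it has to start privileged and drop to its own user afterwards.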

