Hi, On 20/05/2021 03:35, Paul Wise wrote: > On Wed, May 19, 2021 at 8:51 AM Richard Hector wrote: > >> Does that not depend on whether it does anything before dropping >> privileges? For example, a webserver can bind to low ports before >> dropping privilege. I imagine if the systemd service unit specified >> running as (eg) www-data, that wouldn't work. > > I don't know the details, but I think systemd can open the ports and > transparently pass them to the unprivileged process when it is spawned > without any data loss, in a similar way to the inetd stuff used to > work.
http://0pointer.de/blog/projects/socket-activation.html Cheers! --alec
