Monday, September 29, 2014, 4:21:02 PM, you wrote: >> At some point would be it worthwhile to go through the least privilege >> exercise on traffic_manager too? For example, I assume that traffic_manager >> would not need DAC override privilege.
> I expect that traffic_manager would retain CAP_DAC_OVERRIDE, since it is the > privileged helper to traffic_server. When traffic_server can't open a file, > it will have to ask traffic_manager to do it. If traffic_server needs root level at startup, how can traffic_manager drop that privilege?
