On Sep 29, 2014, at 5:42 PM, Alan M. Carroll <a...@network-geographics.com> wrote:
> Monday, September 29, 2014, 4:21:02 PM, you wrote:
>
>>> At some point would it be worthwhile to go through the least privilege
>>> exercise on traffic_manager too? For example, I assume that
>>> traffic_manager would not need DAC override privilege.
>
>> I expect that traffic_manager would retain CAP_DAC_OVERRIDE, since it is the
>> privileged helper to traffic_server. When traffic_server can't open a file,
>> it will have to ask traffic_manager to do it.
>
> If traffic_server needs root level at startup, how can traffic_manager drop
> that privilege?

In the long term, we could exec traffic_server as an unprivileged user. I don't expect traffic_manager to ever run unprivileged
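
The "ask traffic_manager to open it" arrangement discussed in this thread, sketched as an added example that is not from the thread or from Traffic Server's code. It assumes the helper returns an already-open descriptor over a UNIX socket with SCM_RIGHTS; the function names and `ALLOWED_PREFIX` are hypothetical. The helper checks the requested path against an allowlist so that retaining CAP_DAC_OVERRIDE does not let the unprivileged side read arbitrary files.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define ALLOWED_PREFIX "/tmp/helper-demo-"   /* hypothetical allowlist, not an ATS path */

/* Send one status byte with the open descriptor attached as SCM_RIGHTS data. */
static int send_fd(int sock, int fd) {
    char status = 'K';
    struct iovec iov = { &status, 1 };
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    memset(&ctl, 0, sizeof ctl);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Privileged helper: read a path, refuse anything off the allowlist, open read-only. */
int helper_serve_one(int sock) {
    char path[256];
    ssize_t n = recv(sock, path, sizeof path - 1, 0);
    if (n <= 0) return -1;
    path[n] = '\0';
    int fd = -1;
    if (strncmp(path, ALLOWED_PREFIX, strlen(ALLOWED_PREFIX)) == 0 && !strstr(path, ".."))
        fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); /* no symlink as final component */
    if (fd < 0) return send(sock, "E", 1, 0) == 1 ? 0 : -1;
    int rc = send_fd(sock, fd);
    close(fd);               /* the worker now holds its own descriptor */
    return rc;
}

/* Unprivileged worker: returns the received descriptor, or -1 if the helper refused. */
int worker_recv_fd(int sock) {
    char status = 0;
    struct iovec iov = { &status, 1 };
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) != 1 || status != 'K') return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
```

The worker sends the path as a single message on its end of a `socketpair(AF_UNIX, SOCK_DGRAM, 0, sv)` and then calls `worker_recv_fd()`; with this split, only the helper process needs to keep the capability.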