I am trying to see the best way or choice in design between privilege
revocation and privilege separation.
A very simplistic explanation of the application is: I have an
application that I am putting together that provides a network service from
a daemon, and that daemon gets data from a SQLite file on the server to
be sent back to the network.
Do I understand this properly that maybe the separation should be used
when part of the software needs to access system resources that are only
accessible to root, and the revocation should be used in all other cases?
Or should the separation be used all the time anyway, and then the part
that needs to access files on the system could be under a low-rights
user like _Apps, and the part that runs the daemon for the network part
run under nobody or something?
Looking at bgpd & ntpd, they both start and have part of the design as
root and then part under _bgpd or _ntp.
Or maybe the proper design is always to use separation then, but if any
part doesn't need root access, why should it be, or should it anyway in
case of future changes that might need it?
I am trying to come to peace with this.
Any insight as to how to go at this and be proper in the process?
Hope this question makes sense.
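A minimal illustration of the bgpd/ntpd-style layout asked about above, as an added example (not the poster's code and not code from any OpenBSD daemon): one process keeps the data store and answers lookups over a socketpair, while the network-facing side drops its privileges irrevocably before it talks to anyone. The privileged store is the forked child here so the querying side can be exercised directly, and the record table is a constructed stand-in for the SQLite file; `drop_privs` and `separated_query` are names chosen for this example.

```c
#define _GNU_SOURCE
#include <sys/socket.h>
#include <sys/wait.h>
#include <grp.h>
#include <string.h>
#include <unistd.h>

/* Drop to uid/gid irrevocably (real, effective and saved ids); clear supplementary
 * groups first when running as root. Returns 0 on success, -1 on error. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) == -1) return -1;
    if (setresgid(gid, gid, gid) == -1 || setresuid(uid, uid, uid) == -1) return -1;
    if (uid != 0 && setuid(0) != -1) return -1;  /* the drop must be irreversible */
    return 0;
}

/* Privileged side: the only process that touches the data store. Answers one
 * lookup over the socketpair, then exits without ever handing the store over. */
static void privileged_store(int fd)
{
    char key[64];
    ssize_t n = read(fd, key, sizeof(key) - 1);
    if (n <= 0) _exit(1);
    key[n] = '\0';
    /* Constructed stand-in for the rows the daemon would read from SQLite. */
    const char *val = strcmp(key, "host1") == 0 ? "10.0.0.1" :
                      strcmp(key, "host2") == 0 ? "10.0.0.2" : "unknown";
    _exit(write(fd, val, strlen(val)) == -1 ? 1 : 0);
}

/* Unprivileged (network) side: fork the store, drop privileges, then ask it for
 * a key. Returns the number of bytes received into out, or -1 on error. */
int separated_query(const char *key, char *out, size_t outlen, uid_t uid, gid_t gid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) { close(sv[1]); privileged_store(sv[0]); }
    close(sv[0]);
    if (drop_privs(uid, gid) == -1) return -1;  /* from here on, no root */
    if (write(sv[1], key, strlen(key)) == -1) return -1;
    ssize_t n = read(sv[1], out, outlen - 1);
    close(sv[1]);
    waitpid(pid, NULL, 0);
    if (n < 0) return -1;
    out[n] = '\0';
    return (int)n;
}
```

Run as root, the caller would pass the uid/gid of a dedicated account such as _yourdaemon; run unprivileged, dropping to your own ids is a no-op but the irreversibility check still holds.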