Drew DeVault on Nostr:
In general I do like this pattern, though: if you have a daemon which needs to be root for some reason, fork into a second process that keeps root, setuid the main process to non-root, and use a Unix socketpair to provide a small API surface for the non-root process to use to ask the root process to perform privileged operations
https://git.sr.ht/~sircmpwn/digitd/tree/master/item/cmd/digitd/root.ha
Published at 2024-01-05 11:22:54
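The pattern from the post, as an added C example; it is not code from the original post or from the linked digitd `root.ha`. The single operation `OP_HELPER_EUID`, the message layout, the function names and the target uid/gid 65534 are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { OP_HELPER_EUID = 1 };          /* hypothetical: the whole API surface */
struct msg { unsigned op; int val; }; /* fixed-size request and reply */
/* Privileged side: answer fixed-size requests until the peer closes. */
static void helper_loop(int fd) {
    struct msg m;
    while (recv(fd, &m, sizeof m, MSG_WAITALL) == (ssize_t)sizeof m) {
        m.val = (m.op == OP_HELPER_EUID) ? (int)geteuid() : -ENOSYS; /* allowlist */
        if (send(fd, &m, sizeof m, MSG_NOSIGNAL) != (ssize_t)sizeof m) break;
    }
    _exit(0);
}

/* Create the socketpair, fork the helper, return the caller's end or -1. */
int spawn_helper(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Main process: drop groups, then gid, then uid, and confirm root is gone. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    return (setuid(0) == 0) ? -1 : 0; /* regaining root must fail */
}

/* Unprivileged side: one request, one reply; -EIO if the channel is broken. */
int helper_call(int fd, unsigned op) {
    struct msg m = { op, 0 };
    if (send(fd, &m, sizeof m, MSG_NOSIGNAL) != (ssize_t)sizeof m) return -EIO;
    if (recv(fd, &m, sizeof m, MSG_WAITALL) != (ssize_t)sizeof m) return -EIO;
    return m.val;
}

int main(void) {
    int fd = spawn_helper();          /* fork first, while still privileged */
    if (fd < 0 || (geteuid() == 0 && drop_privileges(65534, 65534) < 0)) return 1;
    printf("main euid=%d, helper euid=%d\n", (int)geteuid(), helper_call(fd, OP_HELPER_EUID));
    return 0;
}
```

Started as root, the main process reports euid 65534 while the helper still reports 0; started unprivileged, the drop is skipped and both report the same uid.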