Am Mittwoch, 12. April 2017 12:32:52 schrieb Sebastian Wagner:
So instead of dropping privileges inside intelmq, that could be done by the process manager too.
Yes, there are probably several ways how to create a process with lower privileges and letting it keep some higher privileged resources (like access to serve tcp port 80).
The main point of my argument is different, though and becomes an argument for solving the problem that we may need less priviledges users to be able to change some selected intelmq configuration values. Access control to these setting would need to be intelmq specific. So it probably is done well within intelmq's own code. If you follow this argument it becomes and advantage for implementing a intelmq master process (like the one on postfix) to coordinate the others.
Best Regards, Bernhard