[getdns-users] a .service file stubby on systemd systems
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Apr 27 19:17:50 UTC 2017
Hi all--

I've just written a simple systemd unit file for stubby which runs the
resolver as a non-privileged user. I propose to ship it in the getdns
upstream sources so that downstream distributors can have a canonical
reference:

https://github.com/getdnsapi/getdns/pull/299

It keeps one elevated privilege so that it's possible to bind to port
53, but otherwise is a non-privileged process, which is probably
preferable to running as root.

We could reduce the privileges even further by allowing stubby to
inherit its listening socket from the system manager (e.g.,
sd_listen_fds(3)), but that requires more coding work, so I'm starting
with this simpler first step.

Happy to hear feedback about this suggestion!

--dkg
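
The socket-inheritance step mentioned in the message, sketched as an added example: this is not code from the post, the pull request or getdns/stubby. It follows the environment protocol documented in sd_listen_fds(3) (LISTEN_PID, LISTEN_FDS, descriptors starting at 3) without linking libsystemd; the function names are hypothetical, and the 1024 upper bound is an arbitrary sanity limit chosen here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first passed descriptor, per sd_listen_fds(3) */

/* Parse a non-negative decimal value; -1 if absent or malformed. */
static long parse_num(const char *s)
{
    char *end;
    long v;
    if (!s || !*s)
        return -1;
    v = strtol(s, &end, 10);
    return (*end != '\0' || v < 0) ? -1 : v;
}

/* Descriptors passed to process `self`, from the LISTEN_PID and LISTEN_FDS
 * values: 0 if none or meant for another PID, -1 if malformed. */
int passed_fd_count(const char *listen_pid, const char *listen_fds, pid_t self)
{
    long pid = parse_num(listen_pid), n = parse_num(listen_fds);
    if (!listen_pid || !listen_fds)
        return 0;           /* not started with inherited sockets */
    if (pid <= 0 || n < 0 || n > 1024)
        return -1;
    /* Variables inherited from a parent are addressed to the parent's PID. */
    return (pid == (long)self) ? (int)n : 0;
}

/* Accept only a socket of the expected type (SOCK_DGRAM for DNS over UDP). */
int fd_is_socket_of_type(int fd, int type)
{
    int actual = 0;
    socklen_t len = sizeof(actual);
    /* Fails with ENOTSOCK or EBADF for anything that is not an open socket. */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &actual, &len) < 0)
        return 0;
    return actual == type;
}

int main(void)
{
    int i, n = passed_fd_count(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    for (i = 0; i < n; i++)
        printf("fd %d: udp socket=%d\n", LISTEN_FDS_START + i,
               fd_is_socket_of_type(LISTEN_FDS_START + i, SOCK_DGRAM));
    return n < 0;
}
```

A daemon that receives its port 53 sockets this way never calls bind() itself, so the unit no longer has to grant it the privilege to bind low ports.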