On Mon, Sep 11, 2017 at 5:31 AM, Dmitrii Kashin <[email protected]> wrote:
> > I'd like to add to the conversation that this thread was started because > of the argue here[1] (russian). > > The main point of the argue was dropping privileges from root to some > user after the program performed all the needed actions (f.e. when it > started listening port < 1024). > root isn't needed for binding service ports anymore, you can use setcap: https://stackoverflow.com/a/414258 > > We've found an example in commons-daemon code[2] how to drop privileges > in MS Windows systems. It seems a new Access Token is created for some > unprivileged user, and then spawns a new process with this token. > > I suppose it makes some sense to say about it here: it would be very > useful to have a possibility to drop privileges to some user. Please > consider it as a user request. > > [1] https://www.opennet.ru/opennews/art.shtml?num=47170#29 > [2] https://github.com/apache/commons-daemon/blob/ > 6702852984689bc6507690113949b478dba157ef/src/native/windows/ > src/rprocess.c#L481 > > bruno ais <[email protected]> writes: > > > Any idea how it can be done on Windows? > > Or better yet; is there a cross-platform thing or equivalence of that > > feature? > > If not, then that can easily be the reason. > > > > On Mon, Sep 11, 2017 at 9:29 AM, DoWhile ForEach < > [email protected]> > > wrote: > > > >> Hello. > >> > >> Please explain someone why the Java API has not yet implemented a method > >> that allows you to set the effective user ID of the Java process. > >> > >> To accomplish this simple task, you have to make some workarounds. > >> A striking example of such workarounds is jsvc tool from the Apache > >> commons-daemon project for Tomcat server: > >> https://github.com/apache/commons-daemon/blob/6702852984689b > >> c6507690113949b478dba157ef/src/native/unix/native/jsvc-unix.c#L163 > >> > -- Cheers, Jonathan
