more gotwebd privdrop
On 13/01/25 17:50, Stefan Sperling wrote:
> I noticed that gotwebd's parent process keeps running as root,
> and has read access to all of /var/www.
>
> This process doesn't do anything after the service workers have
> started up so keeping these privileges seems unnecessary.
>
> gotwebd starts up just fine with the patch below.
> The only future problem I see is that if we ever implement re-exec
> of already running workers, we'll need root again for that.
>
> I'm not sure access to /etc/gotwebd.conf is still needed either but
> I'm keeping that around in case we ever implement config reload.

Agreed. I don't think we'll need to handle config reload in gotwebd:
it's easy to just restart it.

ok op@

Thank you!