From: Omar Polo
Subject: Re: more gotwebd privdrop
To: gameoftrees@openbsd.org
Date: Sun, 26 Jan 2025 13:43:30 +0100

On 13/01/25 17:50, Stefan Sperling wrote:
> I noticed that gotwebd's parent process keeps running as root,
> and has read access to all of /var/www.
>
> This process doesn't do anything after the service workers have
> started up so keeping these privileges seems unnecessary.
>
> gotwebd starts up just fine with the patch below.
> The only future problem I see is that if we ever implement re-exec
> of already running workers, we'll need root again for that.
>
> I'm not sure access to /etc/gotwebd.conf is still needed either but
> I'm keeping that around in case we ever implement config reload.

Agreed.  I don't think we'll need to handle config reload in gotwebd:
it's easy to just restart it.

ok op@

Thank you!