Emphasize when privileges are dropped

author Job Snijders <job@instituut.net>

Tue, 14 Nov 2017 10:05:46 +0000 (11:05 +0100)

committer Job Snijders <job@instituut.net>

Tue, 14 Nov 2017 10:16:39 +0000 (11:16 +0100)
author Job Snijders <job@instituut.net>
Tue, 14 Nov 2017 10:05:46 +0000 (11:05 +0100)
committer Job Snijders <job@instituut.net>
Tue, 14 Nov 2017 10:16:39 +0000 (11:16 +0100)
diff --git a/pdns/dnsdistdist/docs/running.rst b/pdns/dnsdistdist/docs/running.rst

index bbcda394747ea04e6e164662cbf0889c5a759d4a..daf58e2a99d449e7c2caefd3455255093eaf0270 100644 (file)
--- a/pdns/dnsdistdist/docs/running.rst
+++ b/pdns/dnsdistdist/docs/running.rst
@@ -30,6 +30,7 @@ These commands can be copied to the configuration file, should they need to pers
  Running as unprivileged user
  ----------------------------
  
-:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches to ensure it does not run with root privileges after binding its listening sockets.
+:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches to ensure it does not run with root privileges.
+Note that :program:`dnsdist` drops its privileges **after** parsing its startup configuration and binding its listening and initial :func:`newServer` sockets as user `root`.
  It is highly recommended to create a system user and group for :program:`dnsdist`.
  Note that most packaged versions of :program:`dnsdist` already create this user.
author	Job Snijders <job@instituut.net>
	Tue, 14 Nov 2017 10:05:46 +0000 (11:05 +0100)
committer	Job Snijders <job@instituut.net>
	Tue, 14 Nov 2017 10:16:39 +0000 (11:16 +0100)