Merge pull request #5956 from job/priv_drop

author Pieter Lexis <pieterlexis@users.noreply.github.com>

Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)

committer GitHub <noreply@github.com>

Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)
author Pieter Lexis <pieterlexis@users.noreply.github.com>
Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)
committer GitHub <noreply@github.com>
Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)
diff --git a/pdns/dnsdistdist/docs/running.rst b/pdns/dnsdistdist/docs/running.rst

index 915882a946eee3ecfaf53c27036e9892d88398cd..daf58e2a99d449e7c2caefd3455255093eaf0270 100644 (file)
--- a/pdns/dnsdistdist/docs/running.rst
+++ b/pdns/dnsdistdist/docs/running.rst
@@ -30,8 +30,7 @@ These commands can be copied to the configuration file, should they need to pers
  Running as unprivileged user
  ----------------------------
  
-:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches
-to ensure it does not run with root privileges after binding its listening sockets.
-It is highly recommended to create a system user and group for :program:`dnsdist`. Note that
-most packaged versions of :program:`dnsdist` already create this user.
-
+:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches to ensure it does not run with root privileges.
+Note that :program:`dnsdist` drops its privileges **after** parsing its startup configuration and binding its listening and initial :func:`newServer` sockets as user `root`.
+It is highly recommended to create a system user and group for :program:`dnsdist`.
+Note that most packaged versions of :program:`dnsdist` already create this user.
author	Pieter Lexis <pieterlexis@users.noreply.github.com>
	Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)
committer	GitHub <noreply@github.com>
	Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)