From: Job Snijders <job@instituut.net>
Date: Tue, 14 Nov 2017 10:05:46 +0000 (+0100)
Subject: Emphasize when privileges are dropped
X-Git-Tag: rec-4.1.0~2^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=31f7cc79843fccc650b17f89e42cc7c4f9037323;p=thirdparty%2Fpdns.git

Emphasize when privileges are dropped
---

diff --git a/pdns/dnsdistdist/docs/running.rst b/pdns/dnsdistdist/docs/running.rst
index bbcda39474..daf58e2a99 100644
--- a/pdns/dnsdistdist/docs/running.rst
+++ b/pdns/dnsdistdist/docs/running.rst
@@ -30,6 +30,7 @@ These commands can be copied to the configuration file, should they need to pers
 Running as unprivileged user
 ----------------------------
 
-:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches to ensure it does not run with root privileges after binding its listening sockets.
+:program:`dnsdist` can drop privileges using the ``--uid`` and ``--gid`` command line switches to ensure it does not run with root privileges.
+Note that :program:`dnsdist` drops its privileges **after** parsing its startup configuration and binding its listening and initial :func:`newServer` sockets as user `root`.
 It is highly recommended to create a system user and group for :program:`dnsdist`.
 Note that most packaged versions of :program:`dnsdist` already create this user.