From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Wed, 13 Apr 2016 08:37:22 +0000 (+0200)
Subject: Add a paragraph on dropping privs
X-Git-Tag: dnsdist-1.0.0~3^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3700%2Fhead;p=thirdparty%2Fpdns.git

Add a paragraph on dropping privs
---

diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md
index 2874d3acc1..bf99bd2f43 100644
--- a/pdns/README-dnsdist.md
+++ b/pdns/README-dnsdist.md
@@ -30,6 +30,11 @@ make
 
 On other recent platforms, installing a Lua and the system C++ compiler should be enough. 
 
+`dnsdist` can drop privileges using the `--uid` and `--gid` commandline-switches
+to ensure it does not run with root privileges after binding its listen-sockets.
+It is highly recommended to create a system user and group for `dnsdist`. Note that
+most packaged versions of `dnsdist` already create this user.
+
 Packaged
 --------
 We build packages for `dnsdist` on our [repositories](https://repo.powerdns.com). In addition