From f0257a278444c98d34669c231e41adede81c3bd0 Mon Sep 17 00:00:00 2001
From: Jan Eitzinger <jan@moebiusband.org>
Date: Fri, 8 Nov 2024 19:16:56 +0100
Subject: [PATCH] Drop privileges after server start

---
 cmd/cc-backend/main.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmd/cc-backend/main.go b/cmd/cc-backend/main.go
index 9f7e673..bb72f69 100644
--- a/cmd/cc-backend/main.go
+++ b/cmd/cc-backend/main.go
@@ -204,13 +204,6 @@ func main() {
 	taskManager.Start()
 	serverInit()
 
-	// Because this program will want to bind to a privileged port (like 80), the listener must
-	// be established first, then the user can be changed, and after that,
-	// the actual http server can be started.
-	if err := runtimeEnv.DropPrivileges(config.Keys.Group, config.Keys.User); err != nil {
-		log.Fatalf("error while preparing server start: %s", err.Error())
-	}
-
 	var wg sync.WaitGroup
 
 	wg.Add(1)
@@ -219,6 +212,13 @@ func main() {
 		serverStart()
 	}()
 
+	// Because this program will want to bind to a privileged port (like 80), the listener must
+	// be established first, then the user can be changed, and after that,
+	// the actual http server can be started.
+	if err := runtimeEnv.DropPrivileges(config.Keys.Group, config.Keys.User); err != nil {
+		log.Fatalf("error while preparing server start: %s", err.Error())
+	}
+
 	wg.Add(1)
 	sigs := make(chan os.Signal, 1)
 	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)