Geoffrey Thomas

Results 55 comments of Geoffrey Thomas

Ah, yes, returning true for `.` and `..` would make sense I think!

I think it's roughly equally as easy to just call `setresuid` (and `setgroups(0, NULL)`?) ourselves. We'd still probably use systemd-sysusers to create the user (assuming it does actually work properly...

What happens if systemd opens the socket immediately before starting nsncd, attempts to look up the non-root user to drop privileges to, and then deadlocks on itself? That's very close...

It stores it per process (in a global), and presumably systemd forks before attempting to drop privileges (lest it drop privileges of pid 1), so I don't think we can...

Oh, yes, I think that making /run/nscd owned by the non-root user should work, good point!