rpi-rgb-led-matrix
Suggestion: make drop_privileges non-default
Thanks for the library!
A piece of feedback — I spent a couple of hours trying to identify why my program was failing to execute other subprocesses that require root privileges before realizing that this library caused a privilege drop by default as part of its initialization routine, CreateFromOptions.
It seems like a bit of a trip hazard that a library's init routine called CreateFromOptions will, as a side-effect, silently change the process's user ID. I would have only expected it to initialize the LED matrix... The doc does state that the function's "additional functionality" includes dropping privileges — but the wording "additional functionality" led me to think that it was something I needed to opt in before it would kick in.
Maybe this is a best practice for some cases but it feels like unusual library behavior in my (admittedly limited) experience. In the cases where one wishes to do anything else nontrivial with the program, such as loading graphics or sounds, issues feel likely to show up in system interactions depending on when privileges are dropped.
Suggest:
- Making this behavior not the default (and accordingly change the examples so that they all do this in the example binaries)
- Or, require the user to indicate in options which user to run as after dropping privileges (indirectly making it obvious to them that it's part of initialization)
- Or, since I do understand the challenge of supporting existing clients that may rely on this behavior, make this more discoverable by:
  - Outputting to stderr when privileges are dropped (in the same vein as the plug to add isolcpus=3 to /boot/cmdline.txt)
  - Changing the documentation so that it indicates that the function will, by default, drop privileges to a user called "daemon"
If any of these suggestions sounds reasonable, I'd be happy to send PRs for any of them.