Privilege Seperation


two reasons you need to privilege seperate instead of revoke

one: need root privs for a certain operation, way after startup
adjtime, for example

two: need to access something outside the chroot
classic: DNS. resolv.conf, /etc/hosts