Drop root privileges after reading SSL key/certificate

[Dmitry Katsubo]

Dear TigerVNC users,

I would like to enable TLS encryption with a key stored in a restricted location (i.e. users are not allowed to read from it). On the other side I would like TigerVNC server to run as a ordinary user for security reasons. Typically server is run as a root, reads SSL key/certificate and then drops administrative privileges via setuid(). However there is no runAs option that would allow one to implement above.

Any idea how to implement that?

Thanks for your ideas.