init: support dropping privileges
Currently upstart gives you a wealth of options for controlling the environment a daemon is started in, letting one get by without the standard start-stop-daemon (et al.) invoke in your upstart jobs.
The one thing it doesn't seem to have, though, is the ability to drop privileges. It would be nice if upstart config files supported a
which would setuid to www-data before executing the daemon. That option should probably also initialize the gid and group vector of the daemon, possibly with additional options to override either the gid or group vector.