[Varnish] #1663: Both chmod 0755 and chown mgmt.uid used

Varnish varnish-bugs at varnish-cache.org
Wed Jan 21 19:45:00 CET 2015

#1663: Both chmod 0755 and chown mgmt.uid used
 Reporter:  puiterwijk  |       Type:  defect
   Status:  new         |   Priority:  normal
Milestone:              |  Component:  varnishd
  Version:  trunk       |   Severity:  normal
 Keywords:              |
 For ticket #1072, a line was added to mgmt_vcc.c to chmod the output VCL
 library to 0755 (commit ee4396), saying that you didn't want to rely on
 the file ownership being the unprivileged user.

 Later on, for ticket #1153, this has seemingly be reconsidered, and the
 file is now given a fchown to the unprivileged user (commit b7175b).

 The problem now is that since the file is no longer owner by the user
 running the management process (it's now owned by the unprivileged user,
 while the management process is running as root), it requires the fowner
 (file owner) linux kernel permission.

 Would it be required to do both, or would just the fchown suffice, as then
 it would require less permissions?

Ticket URL: <https://www.varnish-cache.org/trac/ticket/1663>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list