[master] 45a408b update -r description
Poul-Henning Kamp
phk at varnish-cache.org
Wed Jun 13 10:39:41 CEST 2012
commit 45a408b8185b3be93a9fd53ca543d1fbbda5592f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Jun 13 08:39:27 2012 +0000
update -r description
diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index 805e012..48ebdc8 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -110,14 +110,13 @@ OPTIONS
documents. This is a shortcut for specifying the
default_ttl run-time parameter.
--r param[,param...]
- Specifies a list of parameters that are read only. This
- gives the system administrator a way to limit what someone
- with access to the Varnish CLI can do. In a very secure
- environment you want to consider setting parameters such
- as *user*, *group*, *cc_command*, *vcc_allow_inline_c* to
- read only as these can potentially be used to escalate
- privileges.
+-r param[,param...]
+ Make the listed parameters read only. This gives the
+ system administrator a way to limit what the Varnish CLI can do.
+ Consider making parameters such as *user*, *group*, *cc_command*,
+ *vcc_allow_inline_c* read only as these can potentially be used
+ to escalate privileges from the CLI.
+ Protecting *listen_address* may also be a good idea.
-u user Specifies the name of an unprivileged user to which the child
process should switch before it starts accepting
More information about the varnish-commit
mailing list