[master] a4a6eb9 Improve documentation on the secret file

Nils Goroll nils.goroll at uplex.de
Fri Feb 16 16:51:07 UTC 2018

commit a4a6eb9e0922aec5471642f687b0ac16007f04f7
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Fri Feb 16 17:50:28 2018 +0100

    Improve documentation on the secret file

diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index 463f76c..7b1e3eb 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -86,6 +86,8 @@ Basic options
   could later be accessed remotely, starting `varnishd` requires
   local privileges.
+.. _opt_n:
 -n name
   Specify the name for this instance.  This name is used to construct
@@ -205,8 +207,16 @@ Security options
 -S secret-file
   Path to a file containing a secret used for authorizing access to
-  the management port. If not provided a new secret will be drawn
-  from the system PRNG.  To disable authentication use ``none``.
+  the management port. To disable authentication use ``none``.
+  If this argument is not provided, a secret drawn from the system
+  PRNG will be written to a file called ``_.secret`` in the working
+  directory (see `opt_n`_) with default ownership and permissions of
+  the user having started varnish.
+  Thus, users wishing to delegate control over varnish will probably
+  want to create a custom secret file with appropriate permissions
+  (ie. readable by a unix group to delegate control to).
 -j <jail[,jailoptions]>

More information about the varnish-commit mailing list