[master] 4107128 Write up VMOD unix in "Upgrading to 6.0".
Geoff Simmons
geoff at uplex.de
Mon Mar 12 18:18:07 UTC 2018
commit 41071281d91c275be3f1633dca5f20e7ec110047
Author: Geoff Simmons <geoff at uplex.de>
Date: Mon Mar 12 19:16:03 2018 +0100
Write up VMOD unix in "Upgrading to 6.0".
diff --git a/doc/sphinx/whats-new/upgrading-6.0.rst b/doc/sphinx/whats-new/upgrading-6.0.rst
index cffab95..685c184 100644
--- a/doc/sphinx/whats-new/upgrading-6.0.rst
+++ b/doc/sphinx/whats-new/upgrading-6.0.rst
@@ -402,10 +402,30 @@ VMOD std
listener is UDS. :ref:`std.set_ip_tos(INT) <func_set_ip_tos>` is
silently ignored when the listener is UDS.
-XXX VCL subhead 2
-~~~~~~~~~~~~~~~~~
+New VMODs
+~~~~~~~~~
-XXX: ...
+VMOD unix
+---------
+
+:ref:`vmod_unix(3)` provides functions to determine the credentials of
+the peer process (user and group of the process owner) that connected
+to Varnish over a listener at a Unix domain socket. You can use this,
+for example, to impose tighter restrictions on who can access certain
+resources::
+
+ import unix;
+
+ sub vcl_recv {
+ # Return "403 Forbidden" if the connected peer is
+ # not running as the user "trusteduser".
+ if (unix.user() != "trusteduser") {
+ return( synth(403) );
+ }
+
+This is not available on every platform. As always, check the
+documentation and test the code before you attempt something like this
+in production.
Other changes
=============
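
Review bot: The VCL example under "VMOD unix" never closes `sub vcl_recv {`; the only `}` in the literal block closes the `if`, so anyone pasting the snippet gets a VCL that does not compile. Add a final `}` line after the blank `+` line that follows the `if` block. Since the example is an access-control check, the closing paragraph's "not available on every platform" would also be more useful if it said what `unix.user()` does where it is unsupported or where the listener is not a UDS, so readers can tell whether the 403 check still applies in that case.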