Jail, outstanding details
Nils Goroll
slink at schokola.de
Thu Feb 19 10:40:15 CET 2015
On 18/02/15 20:19, Poul-Henning Kamp wrote:
> I am uncertain if creating/opening the storage files should be done
> at "MASTER_HIGH" (= root) or "MASTER_LOW" (= varnish user) privilege
> level.
Going back to the loose end of our previous discussion, I'd see storage files on
the same level as _.secret in the suggested directory/permissions scheme:
640 $master_user:$group
where $master_user=root for unix jail or something else for other,
$group=varnish per default
On 12/02/15 13:36, Nils Goroll wrote:
> # e.g. /tmp/varnish_name
>
> -n directory:  755 $master_user:$group
>   _.vsm        640 $master_user:$group_vsm  (!feature::public_vsm)
>   _.vsm        644 $master_user:$group_vsm  (feature::public_vsm)
>   _.secret     640 $master_user:$group
>
> # e.g. /tmp/varnish_name.vcc
>
> $vcc_dir:      750 $user:$group
>   vcl.*.c      660 $user:$group  (temporary file)
>   vcl.*.so     440 $user:$group
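
An added example, not part of the original message or of Varnish's own code: a Python check that audits a working directory and a VCC directory against the permission scheme proposed in this thread. The numeric uid/gid arguments and the `storage.*` file name pattern are assumptions, since the thread does not name the storage files.

```python
import fnmatch
import os
import stat

def rules(master_uid, uid, gid, vsm_gid, public_vsm=False, storage_glob="storage.*"):
    """Expected (mode, uid, gid) per name pattern, following the scheme in the thread."""
    workdir = {
        ".": (0o755, master_uid, gid),
        "_.vsm": (0o644 if public_vsm else 0o640, master_uid, vsm_gid),
        "_.secret": (0o640, master_uid, gid),
        # Storage files sit at the same level as _.secret; the glob is an assumption.
        storage_glob: (0o640, master_uid, gid),
    }
    vcc_dir = {
        ".": (0o750, uid, gid),
        "vcl.*.c": (0o660, uid, gid),   # temporary file
        "vcl.*.so": (0o440, uid, gid),
    }
    return workdir, vcc_dir

def audit(directory, expected):
    """Return a list of findings for entries that deviate from `expected`."""
    findings = []
    for name in ["."] + sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: do not follow a symlink planted in the directory
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{path}: symlink, not followed")
            continue
        rule = next((r for pat, r in expected.items()
                     if fnmatch.fnmatchcase(name, pat)), None)
        if rule is None:
            findings.append(f"{path}: not covered by the scheme")
            continue
        mode, uid, gid = rule
        actual = stat.S_IMODE(st.st_mode)
        if actual & ~mode:  # bits set beyond what the scheme allows
            findings.append(f"{path}: mode {actual:04o} grants more than {mode:04o}")
        elif actual != mode:
            findings.append(f"{path}: mode {actual:04o}, expected {mode:04o}")
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append(f"{path}: owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
    return findings
```

Call `rules()` with the ids for the jail in use (for the unix jail, `master_uid` is 0), then run `audit()` once on the `-n` directory with the first returned mapping and once on the VCC directory with the second.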
More information about the varnish-dev mailing list