Jail, outstanding details

Nils Goroll slink at schokola.de
Thu Feb 19 10:40:15 CET 2015



On 18/02/15 20:19, Poul-Henning Kamp wrote:
> I am uncertain if creating/opening the storage files should be done
> at "MASTER_HIGH" (= root) or "MASTER_LOW" (= varnish user) privilege
> level.

Going back to the loose end of our previous discussion, I'd see storage files on
the same level as _.secret in the suggested directory/permissions scheme:

	640 $master_user:$group

where $master_user=root for the unix jail or something else for others,
$group=varnish by default

On 12/02/15 13:36, Nils Goroll wrote:
> # e.g. /tmp/varnish_name
>
> -n directory: 		755 $master_user:$group
> 	_.vsm		640 $master_user:$group_vsm	(!feature::public_vsm)
> 	_.vsm		644 $master_user:$group_vsm	(feature::public_vsm)
> 	_.secret	640 $master_user:$group
>
> # e.g. /tmp/varnish_name.vcc
>
> $vcc_dir: 		750 $user:$group
> 	vcl.*.c		660 $user:$group	(temporary file)
> 	vcl.*.so	440 $user:$group


