Idea for multi-level CLI access control

Poul-Henning Kamp phk at
Tue Jun 27 09:24:35 UTC 2023

Dridi Boukelmoune writes:
> On Mon, Jun 26, 2023 at 6:39=E2=80=AFPM Poul-Henning Kamp <phk at phk.freebsd.=
> dk> wrote:
> >

> Regarding the specific suggestion above, I don't think we would be
> satisfied with this model. In the security barriers diagram [1] we
> identified the following roles:
> - OPER
> - ANON

My idea was not meant as a replacement for any of those roles,
it just an idea for how to implement CLI connections with
different access levels - if we want to have that.

> For CLI access, we would probably want a new role TENANT, managed by
> ADMIN. Ideally, everything in the cache (VCL, contents, operations
> like ban) would be virtually partitioned such that a tenant could not
> directly affect the resources of other tenants.

I think that is a bit beyond the scope of the current discussion, but
it is certainly relevant to keep it in mind.

> > * Varnishd should identify itself (-i/-n) in the 107 message so that the
> >   client can pick which secret file to use if it has access to multiple.
> If each "account" (admin or tenant) has one dedicated secret,
> this is probably not needed.

I dont see the admin/tenant split eliminating the potential benefit
of being able to hand out restricted CLI access secrets.

As for CLI plain-text:  I would really love to find a good and mostly
seamless way to use SSH for CLI access.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-dev mailing list