chroot or/and non-root user

Ingvar Hagelund ingvar at linpro.no
Thu Oct 5 09:27:42 CEST 2006


* Benny Kjellgren
>> I have started to test Varnish on Debian (and Archlinux) and the
>> first thing I was looking for is how to run Varnish as a non-root
>> user (e.g. www-data) and/or put it in a jail (chroot).
>>
>> Is it possible to do that?

* Poul-Henning Kamp
> If you don't use a privileged listen port, it should just work.

Any plans to use the model used by e.g. Apache or Squid, with a
dispatching process running in privileged mode, and process children
running as a non-privileged user?

One might think that this model makes privilege escalation harder, or at
least, less intrusive, in case there should be any exploitable bugs in
Varnish (but of course, there would never be any such thing 8-).

Ingvar

-- 
When everything else fails: Symlink
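
The dispatcher/worker model asked about above, as an added example that is not part of the original post and is not Varnish, Apache or Squid code. The names run_dispatcher and drop_privileges and the uid/gid 65534 ("nobody" on many Linux systems) are assumptions; when not started as root there is nothing to drop and the worker reports that instead.

```c
#define _DEFAULT_SOURCE              /* for setgroups() on glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { WORKER_DROPPED = 0, WORKER_NOT_ROOT = 1, WORKER_FAILED = 2 };

/* Irreversibly switch to uid/gid. Order matters: supplementary groups and
 * gid must change while still root; setuid() goes last. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return WORKER_NOT_ROOT;      /* started unprivileged: nothing to drop */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return WORKER_FAILED;
    if (setuid(0) == 0 || getuid() != uid || getgid() != gid)
        return WORKER_FAILED;        /* root must not be recoverable */
    return WORKER_DROPPED;
}

/* The parent ("dispatcher") binds the listen socket while privileged, then
 * forks a worker that drops privileges but keeps the inherited descriptor.
 * Returns the worker's status, or -1 if the parent could not set up. */
int run_dispatcher(unsigned short port, uid_t uid, gid_t gid)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int status, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd); return -1;
    }
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {                  /* worker */
        int rc = drop_privileges(uid, gid);
        socklen_t len = sizeof sa;   /* the socket bound by the parent is still usable */
        if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0)
            rc = WORKER_FAILED;
        _exit(rc);
    }
    close(fd);                       /* dispatcher keeps no client-facing descriptor */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Run as root with port 80, the worker ends up serving a privileged port while holding no root credentials; a bug in the worker is then confined to what uid 65534 can do.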



More information about the varnish-misc mailing list