Per Andreas Buer perbu at linpro.no
Tue Apr 15 08:25:27 CEST 2008

Ricardo Newbery wrote:

> Hmm... maybe I'm missing something but this doesn't seem to answer the 
> main question.  If, as you seem to imply, Varnish is opening any files 
> it needs while it's still "root", then what is the purpose of the "-u 
> user" option?

I'm guessing Varnish (like most Unix daemons) opens the file as root and 
then drops its privileges. That way, when Varnish deals with the 
untrusted data coming from the network it runs as an unprivileged user.

So, if there is a buffer overflow in Varnish, the code won't run with 
root privileges.
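
The open-as-root-then-drop pattern described in this message, as an added example that is not part of the original post and is not Varnish's code. The function names, the default path and the uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Irreversibly switch to uid/gid. Order matters: supplementary groups and
 * gid go first, because after setuid() we may no longer change them. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                     /* not root: nothing to drop */
    if (setgroups(0, NULL) != 0)      /* clear root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)             /* sets real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)             /* sets real, effective and saved uid */
        return -1;
    /* Verify: the ids really changed and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open path with the caller's (root) rights, then drop. Returns the fd,
 * which stays usable afterwards, or -1 if either step fails. */
int open_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);                    /* fail closed: never continue as root */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* 65534 is "nobody" on many Linux systems; an assumption, not universal. */
    int fd = open_then_drop(argc > 1 ? argv[1] : "/dev/null", 65534, 65534);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("fd %d open, now uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return 0;
}
```

Run as root against a root-only file, the descriptor remains readable after the drop while the process itself can no longer open that file again.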


