Unprivileged user?

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Apr 15 09:15:30 CEST 2008


In message <B40B98C4-A36B-479F-BBC3-CD372C5E7CEB at digitalmarbles.com>, Ricardo N
ewbery writes:

>I'm trying to understand the purpose of the "-u user" option for  
>varnishd.  It appears that even when starting up as root, and the  
>child process dropping to "nobody", Varnish is still saving and  
>serving from cache even though "nobody" doesn't have read/write access  
>to the storage file owned by root.

The file is opened before the cache process drops to nobody, and in
UNIX the access check is performed at open time and not at read/write
time.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.



More information about the varnish-misc mailing list