Unprivileged user?

Michael S. Fischer michael at dynamine.net
Tue Apr 15 19:52:40 CEST 2008


On Tue, Apr 15, 2008 at 1:16 AM, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>  >Well-engineered software doesn't make potentially false assumptions
>  >about the environment in which it runs.
>
>  And they don't.
>
>  Varnish for instance assumes that the administrator is not a total
>  madman, who would do something as patently stupid as you propose
>  above, under the general assumption that if he were, varnish would
>  be the least of his troubles.

I'm not saying that they would; I'm just saying that you can't count
on user 'nobody' having the precise role that a security-conscious
sysadmin would want.  Perhaps the sysadmin might create a 'varnishd'
user instead that also has limited access, and, hence, the -u option
is quite useful.  Assuming that the nonprivileged user is named
'nobody' could well be false.  I was simply providing the most extreme
example to demonstrate a point.

Best regards,

--Michael
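
The point argued in this message, as an added example that is not part of the original post and is not Varnish's own code: a daemon takes the unprivileged account name from the operator (as a -u style option would) instead of assuming 'nobody', and refuses to run if that account is missing or is root. The function names and result codes are hypothetical; 'varnishd' is used as the default only because the message mentions it, and that account is assumed to exist on the host.

```c
#define _DEFAULT_SOURCE 1 /* exposes setgroups() on glibc in strict -std modes */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { DROP_OK = 0, DROP_NO_USER = -1, DROP_IS_ROOT = -2, DROP_FAILED = -3 };

/* Resolve the operator-supplied account; reject unknown names and uid 0. */
int resolve_unpriv_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    if (name == NULL || *name == '\0')
        return DROP_NO_USER;
    pw = getpwnam(name);
    if (pw == NULL)
        return DROP_NO_USER;   /* do not silently fall back to 'nobody' */
    if (pw->pw_uid == 0)
        return DROP_IS_ROOT;   /* a "drop" to uid 0 drops nothing */
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return DROP_OK;
}

/* Drop from root to the named account: supplementary groups, gid, then uid. */
int drop_privileges(const char *name)
{
    uid_t uid;
    gid_t gid;
    int rc = resolve_unpriv_user(name, &uid, &gid);
    if (rc != DROP_OK)
        return rc;
    if (geteuid() != 0)
        return DROP_FAILED;    /* not started as root, nothing to drop from */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return DROP_FAILED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "varnishd";
    int rc = drop_privileges(user);
    fprintf(stderr, "drop to '%s': %s\n", user, rc == DROP_OK ? "ok" : "refused");
    return rc == DROP_OK ? 0 : 1;
}
```

Every return value of the set*id calls is checked because an unchecked failure leaves the process running as root.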



More information about the varnish-misc mailing list