Unprivileged user?

Stig Sandbeck Mathisen ssm at linpro.no
Wed Apr 16 07:50:05 CEST 2008

On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <ric at digitalmarbles.com> said:

> In Varnish, does the less-privileged user need access to anything?

After it has dropped root privileges, it needs at least:

* Open new network connections (no problem unless you use MAC or a
  uid-matching firewall)

* Read access to where you store your VCL files

* Execute a C compiler

* Write access to its cache directory, to store the compiled

* Write core dumps

...possibly more.

Stig Sandbeck Mathisen, Linpro

More information about the varnish-misc mailing list