Unprivileged user?

Poul-Henning Kamp phk at phk.freebsd.dk
Wed Apr 16 08:56:37 CEST 2008

In message <7xd4oqe4c2.fsf at iostat.linpro.no>, Stig Sandbeck Mathisen writes:
>On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <ric at digitalmarbles.com> said:
>> In Varnish, does the less-privileged user need access to anything?
>After it has dropped root privileges, it needs at least:
>* Open new network connections (no problem unless you use MAC or a
>  uid-matching firewall)

No, it accepts them only.

>* Read access to where you store your VCL files

No, the vcl files are read by the master process which does not
drop priviledge.

>* Execute a C compiler


>* Write access to its cache directory, to store the compiled
>  configuration


Please figure out how varnish really works before you acuse us of
being incompetent.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list