phk at phk.freebsd.dk
Wed Apr 16 08:56:37 CEST 2008
In message <7xd4oqe4c2.fsf at iostat.linpro.no>, Stig Sandbeck Mathisen writes:
>On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <ric at digitalmarbles.com> said:
>> In Varnish, does the less-privileged user need access to anything?
>After it has dropped root privileges, it needs at least:
>* Open new network connections (no problem unless you use MAC or a
> uid-matching firewall)
No, it accepts them only.
>* Read access to where you store your VCL files
No, the vcl files are read by the master process which does not
>* Execute a C compiler
>* Write access to its cache directory, to store the compiled
Please figure out how varnish really works before you accuse us of
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.