Varnish 4.1 - manager and cacher processes owned by "varnish" user

Vlad Rusu vlad.rusu at lola.tech
Thu Jan 5 06:38:34 CET 2017


Hi again, 

Found https://varnish-cache.org/docs/4.1/whats-new/changes.html#proactive-security-features

Even this shows something else:

“On most systems, the Varnish parent process will now drop effective privileges to normal user mode when not doing operations needing special access.
The Varnish worker child should now be run as a separate vcache user.”

Thanks!

--
Vlad Rusu
skypeid: rusu.h.vlad | cell: +40758066019

Lola Tech | lola.tech <https://lola.tech/>
> On 22 Nov 2016, at 21:57, Vlad Rusu <vlad.rusu at lola.tech> wrote:
> 
> Hi everyone, 
> 
> I noticed the user owning both varnishd processes (parent + child) is now “varnish” (or whatever user we specify in the config). I was previously using Varnish 3 in RHEL 6 and the parent process was owned by root, as the book also describes.
> 
> Looking at the Varnish 4.0 book (can’t find a 4.1 one), it still says that’s how it should be —> http://book.varnish-software.com/4.0/chapters/Tuning.html#the-parent-process-the-manager
> 
> Before I start testing diff Varnish versions on different OS versions, can you tell me if this is expected? Is it safe.. ?
> 
> =======
> 
> OS: Centos 7.2
> Varnish: 4.1.3 from the Varnish repo
> 
> [root@xxx varnish]# cat /etc/redhat-release
> CentOS Linux release 7.2.1511 (Core)
> 
> [root@xxx varnish]# rpm -qi varnish
> Name        : varnish
> Version     : 4.1.3
> Release     : 1.el7
> Architecture: x86_64
> Install Date: Tue 22 Nov 2016 07:16:30 PM UTC
> Group       : System Environment/Daemons
> Size        : 1131779
> License     : BSD
> Signature   : RSA/SHA1, Wed 06 Jul 2016 12:39:52 PM UTC, Key ID 60e7c096c4deffeb
> Source RPM  : varnish-4.1.3-1.el7.src.rpm
> Build Date  : Wed 06 Jul 2016 12:30:55 PM UTC
> Build Host  : centos7.varnish-software.com
> Relocations : (not relocatable)
> URL         : https://www.varnish-cache.org/
> Summary     : High-performance HTTP accelerator
> 
> [root@xxx varnish]# ps auxf | grep varnish
> varnish  14899  0.0  0.0 133080  1292 ?        Ss   19:32   0:00 /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M
> varnish  14901  0.0  4.5 314788 85248 ?        Sl   19:32   0:00  \_ /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M
> 
> =======
> 
> Thanks!
> 
> --
> Vlad Rusu
> skypeid: rusu.h.vlad | cell: +40758066019
> 
> Lola Tech | lola.tech <https://lola.tech/>
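
An added check, not part of the original thread and not Varnish project code: `ps aux` prints only the effective user, so the "drop effective privileges" wording quoted above is best verified from the `Uid:` line of `/proc/<pid>/status`, which lists the real, effective, saved and filesystem UIDs. The helper names and the sample status text (including UID 997) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names and sample data are hypothetical/constructed.

# Read the text of a /proc/<pid>/status file on stdin and classify the
# "Uid:" line, whose fields are: real, effective, saved, filesystem.
classify_uids() {
    awk '
        $1 == "Uid:" {
            found = 1
            r = $2; e = $3; s = $4
            if (e == 0)                 print "root"
            else if (r == 0 || s == 0)  print "euid-dropped-can-regain-root"
            else                        print "unprivileged"
            exit
        }
        END { if (!found) { print "no-uid-line"; exit 1 } }
    '
}

# Constructed sample: only the effective UID was lowered, so ps would show
# the unprivileged user although real and saved UID are still 0.
sample_euid_dropped() { printf 'Name:\tvarnishd\nUid:\t0\t997\t0\t997\n'; }

# Constructed sample: every UID is unprivileged, root cannot be regained.
sample_unprivileged() { printf 'Name:\tvarnishd\nUid:\t997\t997\t997\t997\n'; }

# Classify every running varnishd on this host (prints nothing if none).
report_varnishd() {
    for pid in $(pgrep -x varnishd 2>/dev/null); do
        [ -r "/proc/$pid/status" ] || continue
        printf '%s %s\n' "$pid" "$(classify_uids < "/proc/$pid/status")"
    done
}

sample_euid_dropped | classify_uids
sample_unprivileged | classify_uids
report_varnishd
```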



More information about the varnish-misc mailing list