On Wed, 16 Apr 2008 06:56:37 +, "Poul-Henning Kamp" <[EMAIL PROTECTED]>
said:
> In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes:
>> * Read access to where you store your VCL files
> No, the vcl files are read by the master process which does not drop
> priviledge.
>> * Execut
"Poul-Henning Kamp" <[EMAIL PROTECTED]> writes:
> "Michael S. Fischer" <[EMAIL PROTECTED]> writes:
> > I'm not saying that they would; I'm just saying that you can't count
> > on user 'nobody' having the precise role that a security-conscious
> > sysadmin would want.
> Which is why there is a -u ar
"Poul-Henning Kamp" <[EMAIL PROTECTED]> writes:
> Stig Sandbeck Mathisen <[EMAIL PROTECTED]> writes:
> > After it has dropped root privileges, it needs at least:
> >
> > * Open new network connections (no problem unless you use MAC or a
> > uid-matching firewall)
> No, it accepts them only.
wron
On Tue, Apr 15, 2008 at 11:53 PM, Poul-Henning Kamp <[EMAIL PROTECTED]> wrote:
> In message <[EMAIL PROTECTED]>, "Mich
>
> ael S. Fischer" writes:
>
> >> Varnish for instance assumes that the administrator is not a total
> >> madman, who would do something as patently stupid as you prospose
>
Gaute Amundsen <[EMAIL PROTECTED]> writes:
> we are currently running varnish-1.0.4-3el4.i386.rpm
> ( with a small patch )
1.1.2 has been out for, eh, four months now...
DES
--
Dag-Erling Smørgrav
Senior Software Developer
Linpro AS - www.linpro.no
___
Hi,
On Tue, Apr 15, 2008 at 07:35:20AM +, Poul-Henning Kamp wrote:
>>Assuming that "nobody" is an available user on your system, then is
>>the "-u user" option for varnishd superfluous?
> Yes.
>
> You can confirm the uid nobody is used with the ps(1) command.
I disagree.
Suppose you have
In message <[EMAIL PROTECTED]>, Per Andreas Buer writes:
>Poul-Henning Kamp skrev:
>>> * Open new network connections (no problem unless you use MAC or a
>>> uid-matching firewall)
>>
>> No, it accepts them only.
>
>Does the privilegded prosess talk to the origin servers?
No.
--
Poul-Henning
>Sorry, I forgot to submit this change, done now.
Thank you ;)
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
>>this should be SIZE_MAX.
>
>Could you fix this please?
Sorry, I forgot to submit this change, done now.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD committer | B
>this should be SIZE_MAX.
Could you fix this please?
or can I make subversion to download a specific revision?
/ Erik
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Poul-Henning Kamp skrev:
> In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes:
>> On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said:
>>
>>> In Varnish, does the less-privileged user need access to anything?
>> After it has dropped root privileges, it needs at l
11 matches
Mail list logo