On Wed, Apr 15, 2015 at 6:18 AM Poul-Henning Kamp <[email protected]> wrote:
> That would make gid=varnish the general restrictor for acces, such that > it could also be used for VCL files etc. > Yup, I think it's a very reasonable yet safe restriction. > You can put the secret file wherever you like (and have as many copies > as you like) this is only about when people do not give a -S. > > I think keeping it in the -n directory makes sense, and giving it the > same privs (uid/gid) as varnishd was started with is a good place to start. > Yeah, I was thinking it might work well as a default, but if we go with gid=varnish being needed for the tools, scratch making the default something else. So 640 + vadmin:varnish ? (_.vsm) > Yes. That would be consistent, but what does everybody else say ? > Quite. Anyone? :) Dridi's suggestion of "vcache" is better than my "vrun". > I agree. It's way more recognizable as being varnish related than "vrun" or "vworker".
_______________________________________________ varnish-dev mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
