-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Den 26. aug. 2015 23:45, skrev Ingvar Hagelund:
> varnish-4.1.0 does no longer support the -u user option. This
> changes the various variants of redhat startup scripts to use the
> unix "jail" variant.
Or even better, give users the (probably very seldom used) option to
run as a user other than "varnish" via the sysconfig/params files.
Ingvar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2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=3Rmi
-----END PGP SIGNATURE-----
diff --git a/redhat/varnish.initrc b/redhat/varnish.initrc
index 67b530a..681fcdc 100755
--- a/redhat/varnish.initrc
+++ b/redhat/varnish.initrc
@@ -74,7 +74,7 @@ start() {
return 6
else
# Varnish always gives output on STDOUT
- daemon --pidfile $pidfile $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
+ daemon --pidfile $pidfile $exec "$DAEMON_OPTS" -P $pidfile > /dev/null 2>&1
retval=$?
if [ $retval -eq 0 ]
then
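Review bot: Nothing in start() says why `"$DAEMON_OPTS"` now has to come before `-P $pidfile`, so a later edit can quietly restore the old order; as far as I know varnishd 4.1 accepts `-j` only as its first argument, which is presumably the reason for the swap. I would add a comment above the `daemon` line such as `# DAEMON_OPTS first: it begins with -j, which varnishd accepts only as the first argument`. Because the output still goes to `/dev/null`, a sysconfig file kept from an older install that still passes `-u`/`-g` would make the start fail with nothing shown to the admin, so the upgrade notes should call that out. start() begins and ends outside this hunk.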
diff --git a/redhat/varnish.params b/redhat/varnish.params
index 27a14dd..23853e7 100644
--- a/redhat/varnish.params
+++ b/redhat/varnish.params
@@ -24,12 +24,11 @@ VARNISH_SECRET_FILE=/etc/varnish/secret
# man page for details.
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
+# User jail for the varnishd worker processes
+VARNISH_JAIL=unix,user=varnish
+
# Default TTL used when the backend does not specify one
VARNISH_TTL=120
-# User and group for the varnishd worker processes
-VARNISH_USER=varnish
-VARNISH_GROUP=varnish
-
# Other options, see the man page varnishd(1)
#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"
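Review bot: The new comment on `VARNISH_JAIL` does not explain the value's format or mention that the separate group setting is gone, and this line decides which account the worker processes drop privileges to. A fuller comment would help, for example `# Jail for varnishd: "unix" drops the workers to the given user; the group follows from that user. See -j in varnishd(1).` The part about the group is my reading of the removed `VARNISH_GROUP` line and should be checked against the man page before it is written down.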
diff --git a/redhat/varnish.service b/redhat/varnish.service
index 659dba2..2d70f3d 100644
--- a/redhat/varnish.service
+++ b/redhat/varnish.service
@@ -28,13 +28,12 @@ Type=forking
PIDFile=/var/run/varnish.pid
PrivateTmp=true
ExecStart=/usr/sbin/varnishd \
+ -j $VARNISH_JAIL \
-P /var/run/varnish.pid \
-f $VARNISH_VCL_CONF \
-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t $VARNISH_TTL \
- -u $VARNISH_USER \
- -g $VARNISH_GROUP \
-S $VARNISH_SECRET_FILE \
-s $VARNISH_STORAGE \
$DAEMON_OPTS
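Review bot: `-j $VARNISH_JAIL` has no fallback, so a params file kept from an earlier install (one that still sets `VARNISH_USER`/`VARNISH_GROUP` and has no `VARNISH_JAIL`) makes systemd expand the variable to nothing, and `-j` would then take `-P` as its argument. Assuming the unit loads the params file through an `EnvironmentFile=` line outside this hunk, adding `Environment=VARNISH_JAIL=unix,user=varnish` to the `[Service]` section gives a default that the file still overrides. That keeps the privilege drop explicit instead of depending on how varnishd reacts to a malformed `-j`.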
diff --git a/redhat/varnish.sysconfig b/redhat/varnish.sysconfig
index 6aa2354..fe22d18 100644
--- a/redhat/varnish.sysconfig
+++ b/redhat/varnish.sysconfig
@@ -31,10 +31,10 @@ RELOAD_VCL=1
# Listen on port 6081, administration on localhost:6082, and forward to
# content server on localhost:8080. Use a fixed-size cache file.
#
-#DAEMON_OPTS="-a :6081 \
+#DAEMON_OPTS="-j unix,user=varnish \
+# -a :6081 \
# -T localhost:6082 \
# -b localhost:8080 \
-# -u varnish -g varnish \
# -s file,/var/lib/varnish/varnish_storage.bin,1G"
@@ -44,10 +44,10 @@ RELOAD_VCL=1
# one content server selected by the vcl file, based on the request. Use a
# fixed-size cache file.
#
-#DAEMON_OPTS="-a :6081 \
+#DAEMON_OPTS="-j unix,user=varnish \
+# -a :6081 \
# -T localhost:6082 \
# -f /etc/varnish/default.vcl \
-# -u varnish -g varnish \
# -S /etc/varnish/secret \
# -s file,/var/lib/varnish/varnish_storage.bin,1G"
@@ -93,14 +93,14 @@ VARNISH_TTL=120
#
# # DAEMON_OPTS is used by the init script. If you add or remove options, make
# # sure you update this section, too.
-DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
+DAEMON_OPTS="-j unix,user=varnish \
+ -a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t ${VARNISH_TTL} \
-p thread_pool_min=${VARNISH_MIN_THREADS} \
-p thread_pool_max=${VARNISH_MAX_THREADS} \
-p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \
- -u varnish -g varnish \
-S ${VARNISH_SECRET_FILE} \
-s ${VARNISH_STORAGE}"
#
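Review bot: The jail is hard-coded as `-j unix,user=varnish` inside `DAEMON_OPTS`, while varnish.params in this same patch makes it a `VARNISH_JAIL` setting and every other value in this block comes from a `VARNISH_*` variable (presumably set earlier in the file, outside the hunk). For consistency I would define `VARNISH_JAIL=unix,user=varnish` next to those settings and write `-j ${VARNISH_JAIL} \` here. The comment above the block could also say that `-j` has to stay the first option, since the init script now relies on `DAEMON_OPTS` leading the command line. The commented examples in the two earlier hunks of this file would follow the same form.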