On Tue, Apr 15, 2008 at 1:16 AM, Poul-Henning Kamp <[EMAIL PROTECTED]> wrote: > >Well-engineered software doesn't make potentially false assumptions > >about the environment in which it runs. > > And they don't. > > Varnish for instance assumes that the administrator is not a total > madman, who would do something as patently stupid as you prospose > above, under the general assumption that if he were, varnish would > be the least of his troubles.
I'm not saying that they would; I'm just saying that you can't count on user 'nobody' having the precise role that a security-conscious sysadmin would want. Perhaps the sysadmin might create a 'varnishd' user instead that also has limited access, and, hence, the -u option is quite useful. Assuming that the nonprivileged user is named 'nobody' could well be false. I was simply providing the most extreme example to demonstrate a point. Best regards, --Michael _______________________________________________ varnish-misc mailing list [email protected] http://projects.linpro.no/mailman/listinfo/varnish-misc
