In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes:
>On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said:
>
>> In Varnish, does the less-privileged user need access to anything?
>
>After it has dropped root privileges, it needs at least:
>
>* Open new network connections (no problem unless you use MAC or a
>  uid-matching firewall)

No, it accepts them only.

>* Read access to where you store your VCL files

No, the vcl files are read by the master process which does not
drop privilege.

>* Execute a C compiler

Same.

>* Write access to its cache directory, to store the compiled
>  configuration

Same.

Please figure out how varnish really works before you accuse us of
being incompetent.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
varnish-misc mailing list
[email protected]
http://projects.linpro.no/mailman/listinfo/varnish-misc
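
The split described in the message above (a master process that keeps its privileges and a child that only accepts connections) can be checked from `ps` output. This is an added example, not part of the original message and not Varnish project code; the sample output, user names, PIDs and paths are constructed, and it assumes both processes show up under the executable name `varnishd`.

```python
import os

# Constructed sample of `ps -eo user,pid,ppid,args` output (not real data).
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root      1201     1 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl
nobody    1202  1201 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl
root      1300     1 /usr/sbin/sshd
root      2201     1 /usr/sbin/varnishd -a :8080 -f /etc/varnish/alt.vcl
root      2202  2201 /usr/sbin/varnishd -a :8080 -f /etc/varnish/alt.vcl
"""

def parse_ps(text, name="varnishd"):
    """Return {pid: (user, ppid)} for processes whose executable is `name`."""
    procs = {}
    for line in text.splitlines()[1:]:       # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue                          # malformed or truncated line
        user, pid, ppid, args = fields
        if not (pid.isdigit() and ppid.isdigit()):
            continue
        if os.path.basename(args.split()[0]) == name:
            procs[int(pid)] = (user, int(ppid))
    return procs

def audit(text, name="varnishd"):
    """Label each process master or child; a child still owned by root fails."""
    procs = parse_ps(text, name)
    findings = []
    for pid, (user, ppid) in sorted(procs.items()):
        # A child is a process whose parent is itself one of the matched processes.
        role = "child" if ppid in procs else "master"
        ok = not (role == "child" and user in ("root", "0"))
        findings.append((pid, role, user, ok))
    return findings

def privileged_children(text, name="varnishd"):
    """PIDs of child processes that did not drop root."""
    return [pid for pid, _role, _user, ok in audit(text, name) if not ok]

if __name__ == "__main__":
    for pid, role, user, ok in audit(SAMPLE_PS):
        print(f"{pid:>6} {role:<6} {user:<8} {'ok' if ok else 'CHILD RUNS AS ROOT'}")
```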
