Hi again, Found https://varnish-cache.org/docs/4.1/whats-new/changes.html#proactive-security-features <https://varnish-cache.org/docs/4.1/whats-new/changes.html#proactive-security-features>
Even this shows something else: “On most systems, the Varnish parent process will now drop effective privileges to normal user mode when not doing operations needing special access. The Varnish worker child should now be run as a separate vcache user." Thanks! -- Vlad Rusu skypeid: rusu.h.vlad | cell: +40758066019 Lola Tech | lola.tech <https://lola.tech/> > On 22 Nov 2016, at 21:57, Vlad Rusu <[email protected]> wrote: > > Hi everyone, > > I noticed the user owning both varnishd processes (parent + child) is now > “varnish" (or whatever user we specify in the config). I was previously using > Varnish 3 in RHEL 6 and the parent process was owned by root, as the book > also describes. > > Looking at the Varnish 4.0 book (can’t find a 4.1 one), it still says that’s > how it should be —> > http://book.varnish-software.com/4.0/chapters/Tuning.html#the-parent-process-the-manager > > <http://book.varnish-software.com/4.0/chapters/Tuning.html#the-parent-process-the-manager> > > Before I start testing diff Varnish versions on different OS versions, can > you tell me if this is expected? Is it safe.. ? > > ======= > > OS: Centos 7.2 > Varnish: 4.1.3 from the Varnish repo > > [root@xxx varnish]# cat /etc/redhat-release > CentOS Linux release 7.2.1511 (Core) > > [root@xxx varnish]# rpm -qi varnish > Name : varnish > Version : 4.1.3 > Release : 1.el7 > Architecture: x86_64 > Install Date: Tue 22 Nov 2016 07:16:30 PM UTC > Group : System Environment/Daemons > Size : 1131779 > License : BSD > Signature : RSA/SHA1, Wed 06 Jul 2016 12:39:52 PM UTC, Key ID > 60e7c096c4deffeb > Source RPM : varnish-4.1.3-1.el7.src.rpm > Build Date : Wed 06 Jul 2016 12:30:55 PM UTC > Build Host : centos7.varnish-software.com > <http://centos7.varnish-software.com/> > Relocations : (not relocatable) > URL : https://www.varnish-cache.org/ <https://www.varnish-cache.org/> > Summary : High-performance HTTP accelerator > > [root@xxx varnish]# ps auxf | grep varnish > varnish 14899 0.0 0.0 133080 1292 ? Ss 19:32 0:00 > /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a > :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M > varnish 14901 0.0 4.5 314788 85248 ? Sl 19:32 0:00 \_ > /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a > :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M > > ======= > > Thanks! > > -- > Vlad Rusu > skypeid: rusu.h.vlad | cell: +40758066019 > > Lola Tech | lola.tech <https://lola.tech/>
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
