err.no Git - varnish/commit

Add two run-time parameters, "user" and "group", which specify an unprivileged
user and group to which the child process will switch immediately after fork()
returns, before it starts accepting connections. The default values are
"nobody" and "nogroup" (they should probably be tweakable at compile time...)

Note that this does not provide full privilege separation, as there are still
channels between the parent and child processes which need to be monitored,
but it is an improvement on the previous situation.

git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@1482 d4fa192b-c00b-0410-8231-f00ffab90ce4

author	des <des@d4fa192b-c00b-0410-8231-f00ffab90ce4>
	Thu, 31 May 2007 12:57:30 +0000 (12:57 +0000)
committer	des <des@d4fa192b-c00b-0410-8231-f00ffab90ce4>
	Thu, 31 May 2007 12:57:30 +0000 (12:57 +0000)
commit	5401eb39da23429e3047844f816810244ce024ed
tree	03e125bfa7f032edbc5e9b7585f12c70914928c4	tree \| snapshot
parent	285c29c1a222bfd5bc986a13ac149fbb8a77dba9	commit \| diff

varnish-cache/bin/varnishd/heritage.h		diff \| blob \| history
varnish-cache/bin/varnishd/mgt_child.c		diff \| blob \| history
varnish-cache/bin/varnishd/mgt_param.c		diff \| blob \| history
varnish-cache/bin/varnishd/varnishd.1		diff \| blob \| history
varnish-cache/bin/varnishd/varnishd.c		diff \| blob \| history