<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi again, </div><div class=""><br class=""></div>Found <a href="https://varnish-cache.org/docs/4.1/whats-new/changes.html#proactive-security-features" class="">https://varnish-cache.org/docs/4.1/whats-new/changes.html#proactive-security-features</a><div class=""><br class=""></div><div class="">Even this shows something else:</div><div class=""><br class=""></div><div class="">“On most systems, the Varnish parent process will now drop effective privileges to normal user mode when not doing operations needing special access.</div><div class="">The Varnish worker child should now be run as a separate vcache user."</div><div class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class="">Thanks!<br class=""><br class="">--<br class=""><b class="">Vlad Rusu</b><br class="">skypeid: rusu.h.vlad | cell: +40758066019<br class=""><br class="">Lola Tech | <a href="https://lola.tech" class="">lola.tech</a></div></div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On 22 Nov 2016, at 21:57, Vlad Rusu <<a href="mailto:vlad.rusu@lola.tech" class="">vlad.rusu@lola.tech</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi everyone, </div><div class=""><br class=""></div><div class="">I noticed the user owning both varnishd processes (parent + child) is now “varnish" (or whatever user we specify in the config). I was previously using Varnish 3 in RHEL 6 and the parent process was owned by root, as the book also describes.</div><div class=""><br class=""></div><div class="">Looking at the Varnish 4.0 book (can’t find a 4.1 one), it still says that’s how it should be —> <a href="http://book.varnish-software.com/4.0/chapters/Tuning.html#the-parent-process-the-manager" class="">http://book.varnish-software.com/4.0/chapters/Tuning.html#the-parent-process-the-manager</a></div><div class=""><br class=""></div><div class="">Before I start testing diff Varnish versions on different OS versions, can you tell me if this is expected? Is it <b class="">safe.. </b>?</div><div class=""><br class=""></div><div class="">=======</div><div class=""><br class=""></div><div class=""><div class=""><b class="">OS: Centos 7.2</b></div><div class=""><b class="">Varnish: 4.1.3 from the Varnish repo</b></div></div><div class=""><br class=""></div><div class="">[root@xxx varnish]# cat /etc/redhat-release</div><div class="">CentOS Linux release 7.2.1511 (Core)</div><div class=""><br class=""></div><div class="">[root@xxx varnish]# rpm -qi varnish</div><div class="">Name : varnish</div><div class="">Version : 4.1.3</div><div class="">Release : 1.el7</div><div class="">Architecture: x86_64</div><div class="">Install Date: Tue 22 Nov 2016 07:16:30 PM UTC</div><div class="">Group : System Environment/Daemons</div><div class="">Size : 1131779</div><div class="">License : BSD</div><div class="">Signature : RSA/SHA1, Wed 06 Jul 2016 12:39:52 PM UTC, Key ID 60e7c096c4deffeb</div><div class="">Source RPM : varnish-4.1.3-1.el7.src.rpm</div><div class="">Build Date : Wed 06 Jul 2016 12:30:55 PM UTC</div><div class="">Build Host : <a href="http://centos7.varnish-software.com/" class="">centos7.varnish-software.com</a></div><div class="">Relocations : (not relocatable)</div><div class="">URL : <a href="https://www.varnish-cache.org/" class="">https://www.varnish-cache.org/</a></div><div class="">Summary : High-performance HTTP accelerator</div><div class=""><br class=""></div><div class=""><div class="">[root@xxx varnish]# ps auxf | grep varnish</div><div class="">varnish 14899 0.0 0.0 133080 1292 ? Ss 19:32 0:00 /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M</div><div class="">varnish 14901 0.0 4.5 314788 85248 ? Sl 19:32 0:00 \_ /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -s malloc,256M</div></div><div class=""><br class=""></div><div class="">=======</div><div class=""><br class=""></div><div class="">Thanks!</div><div class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class="">--<br class=""><b class="">Vlad Rusu</b><br class="">skypeid: rusu.h.vlad | cell: +40758066019<br class=""><br class="">Lola Tech | <a href="https://lola.tech/" class="">lola.tech</a></div></div></div>
</div>
<br class=""></div></div></blockquote></div><br class=""></div></body></html>