Mailing List Archive

#1663: Both chmod 0755 and chown mgmt.uid used
#1663: Both chmod 0755 and chown mgmt.uid used
------------------------+----------------------
Reporter: puiterwijk | Type: defect
Status: new | Priority: normal
Milestone: | Component: varnishd
Version: trunk | Severity: normal
Keywords: |
------------------------+----------------------
For ticket #1072, a line was added to mgmt_vcc.c to chmod the output VCL
library to 0755 (commit ee4396), saying that you didn't want to rely on
the file ownership being the unprivileged user.

Later on, for ticket #1153, this has seemingly been reconsidered, and the
file is now given a fchown to the unprivileged user (commit b7175b).

The problem now is that since the file is no longer owned by the user
running the management process (it's now owned by the unprivileged user,
while the management process is running as root), it requires the fowner
(file owner) Linux kernel permission.

Would it be required to do both, or would just the fchown suffice, as then
it would require less permissions?

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1663>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
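An added example, not part of the original thread or of Varnish's code: on Linux, chmod(2) on a file the caller does not own requires CAP_FOWNER, so setting the mode while the creator still owns the file and changing ownership last avoids that requirement. The helper names and the sample path are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* On Linux, chmod(2)/fchmod(2) succeed without CAP_FOWNER only when the
 * caller's filesystem UID (normally its effective UID) owns the file. */
static int chmod_needs_fowner(const struct stat *st, uid_t euid)
{
	return st->st_uid != euid;
}

/* Hypothetical helper (not Varnish code): create path, set its mode while the
 * creator still owns it, then give it away. *needed_fowner reports whether the
 * mode change was made on a file the caller did not own. Returns 0 or -1. */
static int create_for_user(const char *path, mode_t mode, uid_t uid, gid_t gid,
    int *needed_fowner)
{
	struct stat st;
	int saved, fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) != 0)
		goto fail;
	*needed_fowner = chmod_needs_fowner(&st, geteuid());
	if (fchmod(fd, mode) != 0)	/* step 1: mode, still the owner */
		goto fail;
	if (fchown(fd, uid, gid) != 0)	/* step 2: needs CAP_CHOWN if uid differs */
		goto fail;
	return close(fd);
fail:
	saved = errno;
	close(fd);
	unlink(path);
	errno = saved;
	return -1;
}

int main(void)
{
	int needed = -1;
	const char *path = "/tmp/example_vcl.so";	/* constructed sample path */

	unlink(path);
	if (create_for_user(path, 0755, geteuid(), getegid(), &needed) != 0)
		return 1;
	unlink(path);
	return needed;	/* 0: no CAP_FOWNER was required */
}
```

With the two steps in the opposite order, the fchmod would run on a file already owned by the other user, which is the case the ticket describes.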
Re: #1663: Both chmod 0755 and chown mgmt.uid used
#1663: Both chmod 0755 and chown mgmt.uid used
------------------------+--------------------
Reporter: puiterwijk | Owner: phk
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
------------------------+--------------------
Changes (by phk):

* owner: => phk


--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1663#comment:1>
Re: #1663: Both chmod 0755 and chown mgmt.uid used
#1663: Both chmod 0755 and chown mgmt.uid used
------------------------+---------------------
Reporter: puiterwijk | Owner: phk
Type: defect | Status: closed
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution: fixed
Keywords: |
------------------------+---------------------
Changes (by phk):

* status: new => closed
* resolution: => fixed


Comment:

The entire priv-sep/jail thing has had an overhaul, and I *think* that
addresses this issue as well.

Please test -trunk and reopen this ticket if not.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1663#comment:2>