[master] 4995d793c Improve the Unix jail documentation
Nils Goroll
nils.goroll at uplex.de
Fri Feb 10 08:54:07 UTC 2023
commit 4995d793ca34f400cea719baade6335ce6b42dad
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Fri Feb 10 09:50:24 2023 +0100
Improve the Unix jail documentation
Document that the daemon and worker user have to share their primary
group.
Provide an exmaple of how to set up a system for the default users.
Note: I am well aware of the commands in pkg-varnish-cache, but they
use Linux specific useradd syntax. The commands given hopefully are
portable - I tested them on Solaris and Linux.
diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index 007dbf803..126ef802b 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -475,6 +475,18 @@ specific options. Available jails are:
The optional `workuser` argument specifies an alternative user to use
for the worker process. It defaults to ``vcache``.
+ The users given for the `user` and `workuser` arguments need to have
+ the same primary ("login") group.
+
+ To set up a system for the default users with a group name
+ ``varnish``, shell commands similar to these may be used::
+
+ groupadd varnish
+ useradd -g varnish -d /nonexistent -s /bin/false \
+ -c "Varnish-Cache Daemon User" varnish
+ useradd -g varnish -d /nonexistent -s /bin/false \
+ -c "Varnish-Cache Worker User" vcache
+
-j none
last resort jail choice: With jail mechanism ``none``, varnish will
More information about the varnish-commit
mailing list