Mailing List Archive: Varnish: Bugs

#1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart

Index | Next | Previous | View Threaded

varnish-bugs at varnish-cache

Dec 12, 2011, 8:30 PM

Post #1 of 11 (228 views)
Permalink

#1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
-------------------+--------------------------------------------------------
Reporter: bevo | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: 3.0.1 | Severity: normal
Keywords: |
-------------------+--------------------------------------------------------
on rhel6 varnish does not startup automatically at boot time.
the manager process is present but not the worker child.

if i run "varnishlog -d" i get the following:
0 WorkThread - 0x7fddccefab60 start
0 CLI - Rd vcl.load "boot" ./vcl.pvYlibbU.so
0 CLI - Wr 106 96 dlopen(./vcl.pvYlibbU.so):
./vcl.pvYlibbU.so: cannot open shared object file: Permission denied

0 CLI - EOF on CLI connection, worker stops

if i check the permission of the file:
[root [at] server ~]# ls -lah /var/lib/varnish/serverX/*
-rwxr-x--- 1 root root 30K Dec 13 15:26
/var/lib/varnish/serverX/vcl.pvYlibbU.so
-rw-r----- 1 root root 81M Dec 13 15:26 /var/lib/varnish/serverX/_.vsm

-selinux is disabled,
-varnish has been tested at starting up at s99 priority with no change.

-if i stop varnish the .so file gets removed
-manually starting varnish (via the init script) starts up fine

This seems related to another ticket that has been closed:
https://www.varnish-cache.org/trac/ticket/178

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 15, 2011, 3:46 PM

Post #2 of 11 (217 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
-------------------+--------------------------------------------------------
Reporter: bevo | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: 3.0.1 | Severity: normal
Keywords: |
-------------------+--------------------------------------------------------

Comment(by bevo):

I have found the cause of this.
The daemon/package creates this directory (serverX being fqdn of host):
/var/lib/varnish/serverX/
It creates this directory as root:root

When the manager process compiles the vcl into a .so object it places it
in /var/lib/varnish/serverX/

This is fine except that it creates the object as root:root, rather than
the non privileged user that is going to read it.

This is not normally a problem on alot of systems as you take advantage of
the default umask which allows other read access to the file.

in summary:

The vcl is compiled and not set with appropriate permissions without
relying on the other chmod flag for read access. this file should be
created with group or user access set to the unprivileged user/group

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:1>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 3:18 AM

Post #3 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

varnish-bugs at varnish-cache

Dec 19, 2011, 6:42 AM

Post #4 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: closed
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution: fixed
Keywords: |
--------------------+-------------------------------------------------------
Changes (by Martin Blix Grydeland <martin@…>):

* status: new => closed
* resolution: => fixed

Comment:

(In [ee439631b413cc5505e384c233ca36930cd33a70]) Force file permissions
0755 on compiled vcl .so file to make sure it
is readable by the unprivileged user.

Fixes: #1072

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:3>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 12:52 PM

Post #5 of 11 (211 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Changes (by bevo):

* status: closed => reopened
* resolution: fixed =>

Comment:

i don't think that's the appropriate fix, your still relying on 'other'
permissions

is there any reason the file cannot be owned by the user as specified by
the -u flag?(ie 'varnish')

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:4>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 12:53 PM

Post #6 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------+-------------------------------------------------------

Comment(by bevo):

but thanks for the quick response though
Cheers

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:5>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 2:36 PM

Post #7 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------+-------------------------------------------------------

Comment(by martin):

Why is it a problem relying on other permissions? All users (also the
unprivileged one) will be able to read it (0755), and it fixed the problem
in my tests. Does it not fix the problem for you? If not, please
elaborate.

We don't want the file to be owned by the unprivileged user, as the
manager process can then potentially loose access to it.

Martin

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:6>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 2:43 PM

Post #8 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------+-------------------------------------------------------

Comment(by bevo):

I would ask the question the other way around, why do all users need
access to it?

any private information in the .so object is available to anyone on the
system.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:7>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 2:46 PM

Post #9 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------+-------------------------------------------------------

Comment(by bevo):

it does 'fix' the original issue i listed either way.

the manager process is owned by root so its always going to have access to
the file if its owned/group owned by the unprivileged user/group

if your concerned about that make it owned by root and the group by the
unprivileged group?

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:8>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 2:51 PM

Post #10 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: closed
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution: fixed
Keywords: |
--------------------+-------------------------------------------------------
Changes (by martin):

* status: reopened => closed
* resolution: => fixed

Comment:

That is a policy that is better managed at the directory level, which the
sysadmin is free to restrict access to (while making sure the directory is
readable by the unprivileged user) in my opinion.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:9>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

varnish-bugs at varnish-cache

Dec 19, 2011, 2:55 PM

Post #11 of 11 (210 views)
Permalink

Re: #1072: varnish does not start on boot up of machine but starts fine by manual /etc/init.d/varnish restart [In reply to]

#1072: varnish does not start on boot up of machine but starts fine by manual
/etc/init.d/varnish restart
--------------------+-------------------------------------------------------
Reporter: bevo | Owner: martin
Type: defect | Status: closed
Priority: normal | Milestone:
Component: build | Version: 3.0.1
Severity: normal | Resolution: fixed
Keywords: |
--------------------+-------------------------------------------------------

Comment(by bevo):

ok fair enough, thanks for the quick fix

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1072#comment:10>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads