You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by ml...@apache.org on 2010/05/22 00:53:11 UTC

svn commit: r947209 - /trafficserver/site/trunk/docs/v2/admin/files.htm

Author: mlibbey
Date: Fri May 21 22:53:11 2010
New Revision: 947209

URL: http://svn.apache.org/viewvc?rev=947209&view=rev
Log:
TS-353: proxy.config.admin.user_id additions

Modified:
    trafficserver/site/trunk/docs/v2/admin/files.htm

Modified: trafficserver/site/trunk/docs/v2/admin/files.htm
URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/docs/v2/admin/files.htm?rev=947209&r1=947208&r2=947209&view=diff
==============================================================================
--- trafficserver/site/trunk/docs/v2/admin/files.htm (original)
+++ trafficserver/site/trunk/docs/v2/admin/files.htm Fri May 21 22:53:11 2010
@@ -1154,8 +1154,13 @@ where <code><i>partition_numbers</i></co
           <td><p><code><i>proxy.config.admin.user_id </i></code></p>
               <p><code>STRING</code></p></td>
           <td><p><code>nobody</code></p></td>
-          <td><p>Option used to specify who to  run the <code>traffic_server </code>process as; also used to specify ownership of config and log files.</p>
-          <p>The  nonprivileged user account designated to Traffic Server.</p></td>
+          <td><p>Option used to specify who to run the <code>traffic_server </code>process as; also used to specify ownership of config and log files.</p>
+          <p>The nonprivileged user account designated to Traffic Server.</p><p>As of version 2.1.1 if the user_id is prefixed with pound character (#) the remaining of the
+string is considered to be <a href="http://en.wikipedia.org/wiki/User_identifier">numeric user identifier</a>. If the value is set to '#-1' Traffic Server will not change the user during startup.</p><p>
+Setting user_id to 'root' or '#0' is now forbidden to increase security. Trying to do so, will cause the traffic_server fatal failure. However there are two ways to bypass that restriction:
+<li>Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation</li>
+<li>Set the user_id=#-1 and start trafficserver as root.</li>
+</p></td>
         </tr>
         <tr>
           <td rowspan="1" colspan="3"><strong><a name="records.config.process">Process Manager</a></strong></td>