Am 10.03.2013 12:42, schrieb Jan-Frode Myklebust: > On Sun, Mar 10, 2013 at 12:01:27PM +0100, Reindl Harald wrote: >> why is trafficcserver doing this? >> >> i had as example empty lines between the config blocks >> to make the file more readable which are gone and >> generally dislike this _1 files and touching my config > > Very much agree. I manage the *.config files trough puppet, and every > time puppet changes something, ATS will make one additional changes to > the files (possibly only change timestamps), and cause a second service > reload. > > Daemons shouldn't have write access to it's configuration files, as > that opens them to attacks. A remote file write vulnerability as the > ATS-user is automatically a remote root shell since it can f.ex. change > the proxy.config.proxy_binary in records.config... > > Unfortunately I don't expect this to change.. since ATS includes some > cluster management where the configuration is supposed to be replicated > between the nodes..
but with "LOCAL proxy.local.cluster.type INT 3" it should not touch anything
signature.asc
Description: OpenPGP digital signature
