It looks like all users can access the log shared memory for varnishd (so they can run varnishlog, varnishstat, varnishncsa, etc.). Is there a way to prevent that? It's not a huge priority for my current setup, but I was just surprised. I noticed there was a thread about the vcl.load interface on securityfocus as well: http://www.securityfocus.com/archive/1/510360 Chris