From: Andres Kroonmaa <andre@dont-contact.us>
Date: Fri, 12 Dec 1997 23:00:24 +0200 (EETDST)

In article <4CCB3E204CB@mail.lbi.ee> I wrote:
: Hello,
: Looking for anyone running squid 1.1.NOVM.18 or .17 on Solaris 2.6
: with moderate load (about 20000 req/hour) and moderate size
: (100-200K+ objects) and who is starting squid as root initially.
: Wish to hear that you have no problems with such setup.
: My prob is that I have to run squid as root initially, as we have
: advertised our proxy on port 80. Squid leaves suid as soon as it is
: alright, and continues to run as user 'cache'. Everything is fine.
: But, due to some mysterious reasons, after some time of work, squid
: starts to create files in its cache_dir that are owned by root, and
: whenever it tries to overwrite them, it aborts on permission error.

 Traced problem to be in getpwname() call. in Solaris < 2.6 it works
 ok, Sun says they cached the whole passwd file in ram and rarely ever
 need to access it from disk, but this was discontinued in 2.6. Now
 the only way to cache passwd is to run nscd. I didn't... getpwnam()
 has a limitation that it needs a free file descriptor below 256 to
 succeed... Busy squid may have much more open files, especially
 NOVM version. Squid code relies on this call to succed always, and
 thus when it doesn't, squid runs as root. This call is used from
 cachemgr.cgi when asking for Info.

 In summary, squid has bug, its being fixed, until then, if you run
 it on Solaris 2.6, you need to run nscd with passwd caching on.
 watch out.

  Andres Kroonmaa mail: andre@online.ee
  Network Manager
  Organization: MicroLink Online Tel: 6308 909
  Tallinn, Sakala 19 Pho: +372 6308 909
  Estonia, EE0001 http://www.online.ee Fax: +372 6308 901
Received on Fri Dec 12 1997 - 13:05:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:56 MST