Re: Why should squid not be run as root?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 11 Jun 1999 21:40:30 +0000

danielrod@nts.co.jp wrote:

> Is there anything that I can/should do to minimize the rights
> associated with "squidadmin?"

Things you can do if you really want to secure this user:

1. Disable all login rights for the squidadmin user. It is a server
account and should not be logged into interactively (use su squidadmin
as root to switch to this userid if you need to use it interactively).
2. Make sure this user does not have write (or even read) permissions to
any files it shouldn't be able to touch.
3. Set up a chrooted environment for Squid.

How much you should do depends on which security level the machine has.
There is no point in building large walls around the Squid user if the
machine/OS hasn't been properly secured.

--
Henrik Nordstrom
Spare time Squid hacker
Received on Fri Jun 11 1999 - 16:07:28 MDT
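
Added example (not part of the original message): a small shell audit for points 1 and 2 of the reply above, checking that a service account has no login shell and listing files it could modify outside its own directory. The function names and the /var/spool/squid path are assumptions for illustration; group-writable files are not examined.

```shell
#!/bin/sh
# Added example: audit helpers for a service account (names are hypothetical).

# login_disabled PASSWD_FILE USER
# Succeeds only if USER exists in the passwd(5)-format file and its login
# shell is a conventional non-login shell (.../nologin or .../false).
# This checks the shell field only; password locking lives in the shadow file.
login_disabled() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# unexpected_writable TREE USER ALLOWED_DIR
# Prints every path under TREE that USER owns (an owner can always chmod
# the file back to writable) or that is world-writable, skipping ALLOWED_DIR
# and its contents. USER may be a name or a numeric uid. Symlinks are
# skipped because their own mode bits are not meaningful.
unexpected_writable() {
    find "$1" -xdev ! -type l \( -user "$2" -o -perm -0002 \) \
        ! -path "$3" ! -path "$3/*" -print
}

# Stand-alone use: sh audit.sh squidadmin / /var/spool/squid
# (account name from the thread; the cache path is an assumed example)
if [ "$#" -eq 3 ]; then
    login_disabled /etc/passwd "$1" || echo "WARN: $1 has a login shell"
    unexpected_writable "$2" "$1" "$3"
fi
```

Any path the second function prints is a candidate for a chown or chmod before the account is put into service.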
