Re: Squid running?

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Fri, 10 Dec 1999 09:16:55 -1000

On Fri, Dec 10, 1999 at 01:25:25AM -0500, CarolB wrote:
> --------------------------------
>
> *please also note: until I configured squid.conf with
> acl ourhosts src 10.1.1.0/255.255.255.0
> http_access allow ourhosts
> none of my Windows machines connected. So I took that to mean that squid
> was running. Even after the cache.log said that squid terminated, the
> machines connect.
>
> Now, following the advice of the several people who responded to the earlier
> message, I ran lsof and then, lsof -i. Also netstat -a and ps -auxww.
> These gave me information -- reams of it. I lack the experience to
> interpret it all, so I am posting some snips, in the hopes that you-all will
> be able to tell me what some of it means.
>
> ++++ from lsof -i
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> squid 601 root 2u IPv4 756 TCP localhost:1025->localhost:1024 (ESTABLISHED)
> squid 601 root 3u IPv4 759 TCP localhost:1027->localhost:1026 (ESTABLISHED)
> squid 601 root 4u IPv4 762 TCP localhost:1029->localhost:1028 (ESTABLISHED)
> squid 601 root 5u IPv4 765 TCP localhost:1031->localhost:1030 (ESTABLISHED)
> squid 601 root 6u IPv4 768 TCP localhost:1033->localhost:1032 (ESTABLISHED)
> squid 601 root 33u IPv4 785 TCP *:3128 (LISTEN)
> squid 601 root 34u IPv4 786 UDP *:icp
>
> There are also 10 dnsserver processes running. (saving space and not
> listing them) But two are listed for each localhost.

This lists open files. The "FD" is the file descriptor which the
programs use internally to identify what file they're talking to - so
all programs will have a similar set of low numbers. All this says is
that process 601 is running as user squid, with its normal set of files
open and connected to the right things - note FD 33 is listening on
port 3128 for connections.
 
> ++++ from netstat -a
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 *:3128 *:* LISTEN

Similar thing from a different angle - this line just tells you
*something* is listening on port 3128 - the above told you that it is a
process owned by squid.

...
> tcp 0 0 localhost:1025 localhost:1024 ESTABLISHED
> tcp 0 0 *:smtp *:* LISTEN

The rest of those lines all refer to miscellaneous other things; the
bottom one tells you your machine is running a mail server which could
be good or bad depending, but doesn't relate to squid.

 
> ++++ from ps -auxww
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 566 0.0 0.8 2112 1144 ? S 02:29 0:00 sendmail: accepting connections on port 25
> root 583 0.0 0.3 1144 476 ? S 02:29 0:00 gpm -t ps/2
> root 598 0.0 0.7 3400 948 ? S 02:29 0:00 squid -D
> squid 601 0.0 4.0 6816 5224 ? S 02:29 0:00 (squid) -D
> squid 615 0.0 0.5 1476 700 ? S 02:29 0:00 (dnsserver)
> squid 616 0.0 0.5 1476 700 ? S 02:29 0:00 (dnsserver)
> squid 617 0.0 0.3 1336 496 ? S 02:29 0:00 (dnsserver)
> squid 618 0.0 0.3 1336 496 ? S 02:29 0:00 (dnsserver)
> squid 619 0.0 0.3 1336 496 ? S 02:29 0:00 (dnsserver)
> xfs 620 0.0 0.9 2156 1252 ? S 02:29 0:00 xfs -droppriv -daemon -port -1
> squid 627 0.0 0.2 1064 320 ? S 02:29 0:00 (unlinkd)
>
> ** in all of the above, I selected only those portions that seemed squid
> related, to try to keep this somewhat brief.
>
> It seems to tell me (and this is all that it tells me) that squid IS running
> ... but that squid is running as root on process 598 and as squid on 601 --
> could the root process be the one that was terminated?

If you do ps with the -j option this time (job control info), as "ps
-ajxww", you'll see a PID and PPID (parent process ID) column. This
should tell you that the root-owned process 598 is the parent process
which launched process 601 as the squid user.

I think the one that terminated was the new one you attempted to start.

> How would I find -- is there a quick way to find -- where squid is started
> by root? (assuming you-all agree that this is happening ...)

I think that squid has been enabled by default on system startup,
probably with some sort of default configuration which may not be what
you want.

Either look into the Linux web-based system management utilities, or
(what I would do) try looking for squid in the /etc directory "rc" (run
command) and init scripts which start up the system:

  grep 'squid' /etc/*rc* /etc/*init*

Once you find it and where it's running from, decide whether you want
to disable theirs and run yours, or configure theirs the way you want
it, and go on running theirs.

> And ... when the error message from squid said: "Cannot bind socket FD 33
> to *:3128 (98)", would that be the 33u that lsof -i lists?

I think it means that because they're going through the same steps on
startup, it also happens to end up using file descriptor 33 (internal
to itself) to open the socket on 3128, the same as the already-running
Squid did.

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Fri Dec 10 1999 - 12:25:54 MST
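
An added example, not part of the original message: a shell sketch of the parent/child check the reply describes, reading `ps -eo pid,ppid,user,args` style output and reporting where a daemon's child runs as a different user than its parent. The PIDs, users and commands in the sample come from the quoted ps listing; the PPID column and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Input format assumed throughout: `ps -eo pid,ppid,user,args` (procps).

# Constructed sample: PIDs, users and commands are from the ps listing quoted
# in the message; the PPID values are assumed for illustration.
sample_ps() {
cat <<'EOF'
  PID  PPID USER     COMMAND
  566     1 root     sendmail: accepting connections on port 25
  598     1 root     squid -D
  601   598 squid    (squid) -D
  615   601 squid    (dnsserver)
  627   601 squid    (unlinkd)
EOF
}

# Print "parent_pid:parent_user -> child_pid:child_user" for every process
# whose command name matches $1 and whose user differs from its parent's.
user_change_pairs() {
    awk -v pat="$1" '
        NR == 1 { next }                       # skip the header line
        { ppid[$1] = $2; user[$1] = $3
          cmd[$1] = $4; order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]; pp = ppid[p]
                if (cmd[p] !~ pat) continue
                if (!(pp in user)) continue    # parent not in the listing
                if (user[pp] != user[p])
                    printf "%s:%s -> %s:%s\n", pp, user[pp], p, user[p]
            }
        }'
}

# Follow PPID links from $1 up to the top-most ancestor in the listing.
root_ancestor() {
    awk -v pid="$1" '
        NR == 1 { next }
        { ppid[$1] = $2; seen[$1] = 1 }
        END {
            while ((ppid[pid] in seen) && ppid[pid] != pid) pid = ppid[pid]
            print pid
        }'
}

sample_ps | user_change_pairs squid   # which squid process changed user
sample_ps | root_ancestor 627         # which process started the unlinkd helper
```

On a live system, replace `sample_ps` with `ps -eo pid,ppid,user,args`.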
