Re: HOWTO chroot squid ??

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 28 Jun 2000 20:26:11 +0200

Now I don't have the exact list of files required, but it wasn't that
many..

One file which looks like it is missing is nsswitch.conf.

Also, make positively sure that you have all the nss libraries you need,
or symptoms like this will be seen.

strace is a good tool for finding out what files you need in the chroot.
Configure squid to NOT run as chroot, and start it with

  strace -f -o /tmp/squid.trace /usr/squid/bin/squid -NXd3

Then run one or two requests, and kill Squid. Now you have a quite
detailed trace of what is needed. Use

  egrep "exec|open" /tmp/squid.trace | grep "= [0-9]"

to extract the relevant info.

--
Henrik Nordstrom
Squid hacker

Ant wrote:
> 
> Hello all,
> I'm trying to chroot squid 2.3.STABLE.1 put
> in /usr/squid
> 
> /bin/squid
>      redir
>      client
>      dnsserver
>      unlinkd
> /etc/mib.txt
>      resolv.conf
>      passwd
>      protocols
>      services
>      hosts
>      squid.conf
>      mime.conf
>      icons/ - subdir for icons
>      errors/ - subdir for error files
> /logs - subdir for log files
> /dev/zero -
> /lib/ld-linux.so.2
>      ld.so
>      libc.so.6
>      libm.so.6
>      libresolv.so.2
>      libnss_files.so.1
>      libnss_dns.so.1
>      libpthread.so.0
> 
> I also add into squid.conf
> cache_effective_user nobody
> cache_effective_group nogroup
> chroot /usr/squid
> 
> When I start as root: ./squid -X
> I got:
> -----------CUT-----------------
> 2000/06/28 15:50:35| Processing: 'cache_effective_user nobody'
> 2000/06/28 15:50:35| parse_line: cache_effective_user nobody
> 2000/06/28 15:50:35| Processing: 'cache_effective_group nogroup'
> 2000/06/28 15:50:35| parse_line: cache_effective_group nogroup
> 2000/06/28 15:50:35| Processing: 'chroot /usr/squid'
> 2000/06/28 15:50:35| parse_line: chroot /usr/squid
> -----------CUT-----------------
> 2000/06/28 15:50:35| Squid is not safe to run as root!  If you must
> 2000/06/28 15:50:35| start Squid as root, then you must configure
> 2000/06/28 15:50:35| it to run as a non-priveledged user with the
> 2000/06/28 15:50:35| 'cache_effective_user' option in the config file.
> FATAL: Don't run Squid as root, set 'cache_effective_user'!
> Squid Cache (Version 2.3.STABLE1): Terminated abnormally.
> 
> When I start as effective user (nobody) I got
> 
> FATAL: failed to chroot
> Squid Cache (Version 2.3.STABLE1): Terminated abnormally.
> CPU Usage: 0.020 seconds = 0.020 user + 0.000 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 181
> 
> Best regards,
>  Ant                          mailto:Ant@ibd.ru
Received on Wed Jun 28 2000 - 13:02:22 MDT
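
Added example, not part of the original message or of Squid: a shell function that turns the strace log from the procedure above into a de-duplicated list of files to copy into the chroot. It applies the same filter as the egrep/grep pipeline (exec and open calls that returned a non-negative value); the function names and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the files a traced process exec'd or opened
# successfully, as candidates for copying into the chroot directory.

# chroot_files TRACE
# Print the unique absolute paths from successful execve/open/openat
# calls in a log written by "strace -f -o TRACE ...".
chroot_files() {
    # 1. keep only exec/open system calls
    # 2. keep only calls that returned >= 0 (failed calls return -1)
    # 3. extract the first quoted argument when it is an absolute path
    #    (relative paths are dropped; resolve those by hand)
    grep -E '(^|[[:space:]])(execve|open|openat)\(' "$1" |
        grep -E '\) = [0-9]+$' |
        sed -n 's/^[^"]*"\(\/[^"]*\)".*/\1/p' |
        LC_ALL=C sort -u
}

# sample_trace: constructed strace -f output, for illustration only.
sample_trace() {
    cat <<'EOF'
1201  execve("/usr/squid/bin/squid", ["/usr/squid/bin/squid", "-NXd3"], [/* 18 vars */]) = 0
1201  open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
1201  open("/lib/libc.so.6", O_RDONLY) = 3
1201  open("/etc/nsswitch.conf", O_RDONLY) = 4
1201  read(4, "passwd: files\n", 4096) = 14
1201  open("/etc/passwd", O_RDONLY) = 4
1202  open("/etc/nsswitch.conf", O_RDONLY) = 5
1201  open("squid.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
1201  open("/usr/squid/etc/squid.conf", O_RDONLY) = 5
EOF
}

# Demo: run the extraction over the constructed trace.
trace=$(mktemp)
sample_trace > "$trace"
chroot_files "$trace"
rm -f "$trace"
```

Files that the trace shows as failed lookups (the "= -1 ENOENT" lines) are left out on purpose, as in the original grep "= [0-9]" filter.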
