Re[4]: [squid-users] Unable to open configuration file

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Thu, 10 Jan 2002 09:44:46 +1000 (EST)

Hi,

On Wed, 9 Jan 2002, Alexander Galitski wrote:

> CC> What happens if squid.conf is owner, group = squid, squid?
> 2002/01/09 11:27:45| Restarting Squid Cache (version 2.4.STABLE3)...
> 2002/01/09 11:27:45| FD 11 Closing HTTP connection
> 2002/01/09 11:27:45| Cache dir '/usr/local/squid/cache' size remains unchanged at 153600 KB
> 2002/01/09 11:27:45| DNS Socket created on FD 4
> 2002/01/09 11:27:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf
> 2002/01/09 11:27:45| Accepting HTTP connections at 0.0.0.0, port 3128, FD 8.
> 2002/01/09 11:27:45| Loaded Icons.
> 2002/01/09 11:27:45| Ready to serve requests.
>
> hmm, it looks ok for me. but what was wrong in previous config with
> squid.conf owned by root.squidadm ??

I have a sneaking suspicion that what's happening is:

o When started, the config file is read as root. It has to be since it
doesn't yet know the user and group to run as. That obviously works.

o After determining the user and group for running, squid does a setuid()
[or whatever] and setgid() [or whatever].

o setgid() [or whatever] does not pick up the other groups the user squid
"belongs" to, since that's a feature of login/su/.... I suspect it
probably even keeps the groups that root belongs to. If not it probably
drops root's other groups altogether.

Consequently, when squid is running, it needs access as user squid, group
squid.

Colin
Received on Wed Jan 09 2002 - 16:44:55 MST
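
The permission outcome Colin describes can be worked through with a small model of the Unix read check. This is an added example, not code from the post or from Squid; the numeric IDs, the 0640 mode and squid's membership in squidadm are constructed assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed IDs; real values come from /etc/passwd and /etc/group. */
enum { UID_SQUID = 500, GID_ROOT = 0, GID_SQUID = 500, GID_SQUIDADM = 501 };

struct creds {
    uid_t euid;
    gid_t egid;
    const gid_t *groups;  /* supplementary group list */
    size_t ngroups;
};

/* Kernel-style read check: only the first matching class
 * (owner, then group, then other) is consulted. */
int can_read(const struct creds *c, uid_t owner, gid_t group, mode_t mode)
{
    if (c->euid == 0) return 1;  /* root bypasses the mode bits */
    if (c->euid == owner) return (mode & S_IRUSR) != 0;
    int member = (c->egid == group);
    for (size_t i = 0; i < c->ngroups && !member; i++)
        member = (c->groups[i] == group);
    return member ? (mode & S_IRGRP) != 0 : (mode & S_IROTH) != 0;
}

/* Can squid.conf (owner root, mode 0640, group conf_group) be re-read?
 * how: 0 = still root at startup, 1 = setgid+setuid with root's groups kept,
 *      2 = supplementary groups cleared, 3 = groups loaded as by initgroups(). */
int conf_readable(int how, gid_t conf_group)
{
    static const gid_t kept[] = { GID_ROOT };
    static const gid_t loaded[] = { GID_SQUID, GID_SQUIDADM };
    struct creds c = { UID_SQUID, GID_SQUID, NULL, 0 };
    if (how == 0) { c.euid = 0; c.egid = GID_ROOT; }
    if (how == 1) { c.groups = kept; c.ngroups = 1; }
    if (how == 3) { c.groups = loaded; c.ngroups = 2; }
    return can_read(&c, 0, conf_group, 0640);
}

int main(void)
{
    static const char *label[] = { "root at startup", "root's groups kept",
                                   "groups cleared", "initgroups() groups" };
    for (int how = 0; how < 4; how++)
        printf("%-20s root:squidadm=%d root:squid=%d\n", label[how],
               conf_readable(how, GID_SQUIDADM), conf_readable(how, GID_SQUID));
    return 0;
}
```

In this model a file with group squidadm is readable after the drop only when the supplementary list was loaded for the squid user, while a file with group squid is readable in every case because it matches the primary group set by setgid().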

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:48 MST