On Mon, 15 Dec 2003, Renato Kalugdan wrote:
> the parent process will run as root and child process will run underneath?
>
> for security purposes, this is ok?
Sort of.
> one last question.
>
> should i log in as different user and issue same command instead?
I would recomment to start Squid as the "cache_effective_user" unless you
want to use the "chroot_dir" directive to further lock Squid down.
Without this the daemon mode of Squid only partially drops the root
privileges, it still retains some root privileges in order to support
all different combinations of "squid -k reconfigure", even if your
current configuration maybe does not require any special privileges.
As a compromise if setting up a chroot jail is too complex Squid can be
configured with "chroot_dir" set to /. This will cause Squid to
permanently drop all it's root privileges with no point of return after
reading the configuration file.
Regards
Henrik
Received on Mon Dec 15 2003 - 15:53:20 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:13 MST