Re: [squid-users] FATAL: redirect_program /usr/bin/squidguard: (13) Permission denied

From: James Gray <james_gray@dont-contact.us>
Date: Wed, 24 Nov 2004 15:02:10 +1100

On Wed, 24 Nov 2004 01:26 pm, Yong Bong Fong wrote:
> Thanks James,
>
> Sorry I am a newbie in squid. I am not even sure under what user my
> squid is running on. I did not configure the cache _effective_user and
> cache_effective_group section in squid.conf. Is that the section that
> defines the user of squid?

Yes - that's where you'd define it.

> How do I check if that particular squid user has permission or not?
>
> is it through the "ls -l" command?
> here is the permission,seems like owner, group and others allhave
> execution permission.
>
> [root@matrix bin]# ls -l squidGuard
> -rwxrwxr-x 1 root root 66448 May 15 2004 squidGuard

This looks right - everyone has execute permission, but only root, and the
root-group can modify it. What are the permissions on the config files?

To see what user squid is running as, modify squid.conf so it will at least
start, then once it's running type "ps -ef|grep squid" (on Linux) or "ps aux|
grep squid" (on Free/Open/Net-BSD). The user name is in the first column
(below is the output on one of my Linux-based squid boxes; watch the wrap):
root 19156 1 0 Nov04 ? 00:00:00 /usr/sbin/squid -D -sYC
proxy 19159 19156 0 Nov04 ? 00:08:21 (squid) -D -sYC
proxy 31255 19159 0 06:20 ?
00:00:08 /usr/bin/perl /usr/local/squid/bannerfilter/redirector.pl
proxy 31256 19159 0 06:20 ?
00:00:02 /usr/bin/perl /usr/local/squid/bannerfilter/redirector.pl
proxy 31257 19159 0 06:20 ?
00:00:00 /usr/bin/perl /usr/local/squid/bannerfilter/redirector.pl
proxy 31258 19159 0 06:20 ?
00:00:00 /usr/bin/perl /usr/local/squid/bannerfilter/redirector.pl
proxy 31259 19159 0 06:20 ?
00:00:00 /usr/bin/perl /usr/local/squid/bannerfilter/redirector.pl
james 31966 31965 0 14:45 ? 00:00:00 bash -c ps -ef|grep squid

As you can see, "root" starts squid, but I have it configured to run as
effective user "proxy" in squid.conf:
...
cache_effective_user proxy
cache_effective_group proxy

> Sorry if my questions is too dumb, I read through the squid conf
> document didn't say much about this problem.

You asked a very reasonable question :) There are ways to ask stupid
questions, and so far you haven't done that. Have a look in the Squid Guard
documentation, as this is really a problem with the integration of Squid
Guard with squid. The squid.conf file is really geared towards getting squid
running on it's own. Due to the incredible variety of redirectors around, it
would be impossible to make comments on every redirector in the squid.conf
file.

Cheers,

James
Received on Tue Nov 23 2004 - 21:02:17 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST