FW: [squid-users] Puzzling permissions problem

From: warren, anthony <anthony.warren@dont-contact.us>
Date: Tue, 10 May 2005 09:32:01 +0100

Does anyone have any thoughts on my problem?

Anthony

-----Original Message-----
From: warren, anthony [mailto:anthony.warren@medway.gov.uk]
Sent: 06 May 2005 11:28
To: squid-users@squid-cache.org
Subject: [squid-users] Puzzling permissions problem

Hi,

I have a problem with cache directory permissions.
What I am trying to do is run multiple instances of squid on a RHEL4
server, with squid configured to listen on different IP addresses and use
the TCP_OUTGOING_ADDRESS config option, so I can apply different
Websense policies based on the IP address.

I installed squid via RHEL's up2date RPM install procedure (to enable
easy version updates).
The default cache directory is /var/spool/squid

What I want to do is create the following structure:

Instance 1:
Cache dir = /opt/secng/secngcache
Logs dir = /opt/secng/secnglogs

Instance 2:
Cache dir = /opt/filtproxy/filtcache
Logs dir = /opt/filtproxy/filtlogs

Instance 3:
Cache dir = /opt/ning/ningcache
Logs dir = /opt/ning/ninglogs

I am trying to get the secng instance working at the moment but whenever
I try to initialize the cache dir I get the following in
/var/log/messages:

May 6 11:04:00 uranus squid[2930]: Squid Parent: child process 2947 exited due to signal 6
May 6 11:04:03 uranus squid[2930]: Squid Parent: child process 2952 started
May 6 11:04:03 uranus kernel: audit(1115373843.232:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=cache.log dev=sdb1 ino=10354692 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus kernel: audit(1115373843.233:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=access.log dev=sdb1 ino=10354693 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus (squid): Cannot open '/opt/secng/secnglogs/access.log' for writing. The parent directory must be writeable by the user 'squid', which is the cache_effective_user set in squid.conf.
May 6 11:04:03 uranus squid[2930]: Squid Parent: child process 2952 exited due to signal 6
May 6 11:04:03 uranus squid[2930]: Exiting due to repeated, frequent failures

Now I have checked permissions all the way into the logs directory and
from what I can see all is correct.
To check this, I gave the squid user a shell, did an su squid, and then
made my way into the correct directories and touched access.log and
cache.log

Below is how the permissions are set up currently:

[root@uranus filtproxy]# cd /opt
[root@uranus opt]# ls -al
total 56
drwxr-xr-x 6 squid root 4096 Apr 20 15:51 .
drwxr-xr-x 23 root root 4096 Apr 21 11:29 ..
drwxr-xr-x 4 squid root 4096 Apr 20 15:53 filtproxy
drwx------ 2 squid root 16384 Apr 14 16:00 lost+found
drwxr-xr-x 4 squid root 4096 Apr 20 15:53 ning
drwxr-xr-x 4 squid squid 4096 Apr 20 15:52 secng

[root@uranus secng]# ls -al
total 32
drwxr-xr-x 4 squid squid 4096 Apr 20 15:52 .
drwxr-xr-x 6 squid root 4096 Apr 20 15:51 ..
drwxr-xr-x 2 squid squid 4096 Apr 28 16:52 secngcache
drwxr-xr-x 2 squid squid 4096 Apr 22 11:17 secnglogs
[root@uranus secng]#

Please can someone offer some advice as it is driving me crazy and I am
up against a fairly tight timescale to get this working.

Many thanks,

Anthony Warren
Received on Tue May 10 2005 - 02:32:03 MDT
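
Added example (not part of the original message or of Squid): the kernel lines in the log above are SELinux AVC denials, which are decided on the process and file types in scontext/tcontext, separately from the owner and mode bits that ls -al shows. This Python sketch parses such lines and groups them by source type, target type and class; the function names are illustrative, and the sample lines are the ones from the message with the file names rejoined where e-mail wrapping split them.

```python
import re

# Log lines from the message above, rejoined after e-mail wrapping.
SAMPLE_LOG = """\
May 6 11:04:03 uranus kernel: audit(1115373843.232:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=cache.log dev=sdb1 ino=10354692 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus kernel: audit(1115373843.233:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=access.log dev=sdb1 ino=10354693 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus squid[2930]: Squid Parent: child process 2952 exited due to signal 6
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # A context is user:role:type[:level]; the type field is what
    # type enforcement compares, so pull it out for both sides.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side[0] + "type"] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(log_text):
    """Map (source type, target type, class) -> (set of perms, set of names)."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # not an AVC denial (e.g. Squid's own messages)
        key = (rec["stype"], rec["ttype"], rec.get("tclass"))
        perms, names = summary.setdefault(key, (set(), set()))
        perms.update(rec["perms"])
        names.add(rec.get("name"))
    return summary


if __name__ == "__main__":
    for (stype, ttype, tclass), (perms, names) in summarize(SAMPLE_LOG).items():
        print(f"{stype} denied {sorted(perms)} on {ttype}:{tclass} for {sorted(names)}")
```

On the sample this reports a single group: squid_t denied append on usr_t files, for both cache.log and access.log.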
