Re: [squid-users] Puzzling permissions problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 May 2005 11:20:31 +0200 (CEST)

On Fri, 6 May 2005, warren, anthony wrote:

> May 6 11:04:03 uranus kernel: audit(1115373843.232:0): avc: denied
> { append } for pid=2952 exe=/usr/sbin/squid name=cache.log dev=sdb1
> ino=10354692 scontext=root:system_r:squid_t
> tcontext=user_u:object_r:usr_t tclass=file

Permission error on cache.log, either a filesystem permission problem or
perhaps an SELinux permission/policy problem.

> May 6 11:04:03 uranus kernel: audit(1115373843.233:0): avc: denied
> { append } for pid=2952 exe=/usr/sbin/squid name=access.log dev=sdb1
> ino=10354693 scontext=root:system_r:squid_t
> tcontext=user_u:object_r:usr_t tclass=file
> May 6 11:04:03 uranus (squid): Cannot open
> '/opt/secng/secnglogs/access.log' for writing. The parent directory
> must be writeable by the user 'squid', which is the
> cache_effective_user set in squid.conf.

Same here but for access.log.

> Now I have checked permission all the way into the logs directory and
> from what I can see all is correct.

What cache_effective_user are you using?

> To check this, I gave the squid user a shell, did an su squid, and then
> made my way into the correct directories and touched access.log and
> cache.log
>
> Below is how the permissions are setup currently:
>
> [root@uranus filtproxy]# cd /opt
> [root@uranus opt]# ls -al
> total 56
> drwxr-xr-x 6 squid root 4096 Apr 20 15:51 .
> drwxr-xr-x 23 root root 4096 Apr 21 11:29 ..
> drwxr-xr-x 4 squid root 4096 Apr 20 15:53 filtproxy
> drwx------ 2 squid root 16384 Apr 14 16:00 lost+found
> drwxr-xr-x 4 squid root 4096 Apr 20 15:53 ning
> drwxr-xr-x 4 squid squid 4096 Apr 20 15:52 secng
>
> [root@uranus secng]# ls -al
> total 32
> drwxr-xr-x 4 squid squid 4096 Apr 20 15:52 .
> drwxr-xr-x 6 squid root 4096 Apr 20 15:51 ..
> drwxr-xr-x 2 squid squid 4096 Apr 28 16:52 secngcache
> drwxr-xr-x 2 squid squid 4096 Apr 22 11:17 secnglogs
> [root@uranus secng]#

What permissions are set on the actual files?

Regards
Henrik
Received on Tue May 10 2005 - 03:20:42 MDT
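
An added example, not part of the original message: a small Python parser for the `avc: denied` records quoted above. It groups denials by source type, target type, object class and permission, so the label mismatch can be read off directly. The sample input is the quoted log with the mail line wrapping undone, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed input: the records quoted in the message, mail wrapping undone.
SAMPLE_LOG = """\
May 6 11:04:03 uranus kernel: audit(1115373843.232:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=cache.log dev=sdb1 ino=10354692 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus kernel: audit(1115373843.233:0): avc: denied { append } for pid=2952 exe=/usr/sbin/squid name=access.log dev=sdb1 ino=10354693 scontext=root:system_r:squid_t tcontext=user_u:object_r:usr_t tclass=file
May 6 11:04:03 uranus (squid): Cannot open '/opt/secng/secnglogs/access.log' for writing.
"""

# "avc: denied { perm ... } for key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
# Values may be bare tokens or double-quoted strings containing spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A security context is user:role:type, optionally followed by a level.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def summarise(log_text):
    """Map (source type, target type, class, perms) to the denied file names."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # not an AVC record, e.g. squid's own error message
        key = (rec["scontext_type"], rec["tcontext_type"],
               rec.get("tclass"), tuple(rec["perms"]))
        groups[key].add(rec.get("name", "?"))
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls, perms), names in summarise(SAMPLE_LOG).items():
        wanted = " ".join(perms)
        print(f"{src} denied {wanted} on {cls} labelled {tgt}: {', '.join(names)}")
```
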
