Re: [squid-users] Problems with effective user from Henrik Nordstrom on 2005-06-27 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 27 Jun 2005 23:25:04 +0200 (CEST)

On Mon, 27 Jun 2005, Lloyd Parkes wrote:

> I agree. I can see that the command line squid is trying to signal the child squid that is running as squid and not the parent that is running as root.

The big question is why it is failing for you.

The signal should be sent as your cache_effective_user to the child
process running as the cache_effective_user..

> You are entirely correct. I've had a lot of luck in the past with adding
> patches from squid-cache.org to STABLE releases of squid, so I threw in
> all the patches (six of them).

The patch as such is verified on Linux, and not expected to cause any
trouble. But it's the only thing which has touched this area of Squid in
ages..

> I noticed that my test machine worked fine, so I ran "truss
> /usr/local/squid/sbin/squid -k reconfigure 2> truss.out" on each machine
> and compared the output. The production machine was doing completely
> different stuff from my test machine. I quickly confirmed that I had
> different binaries on the two machines (bad me).
>
> Both squids read in the config file, but with the chroot patch, the
> config file gets 'activated'. I'm guessing it's the call to
> configDoConfigure() that does it. Later on squid calls setuid(squid)
> which sets the real, effective and saves user id to squid. It then tries
> to send the signal to the child squid. Unfortunately the child squid is
> running as
>
> USER RUSER PID PPID PGID SID COMMAND
> squid root 768 766 766 766 (squid) -sDYf /usr/local/squid/etc/squid.conf
>
> and the real user id of the two processes need to match if the signal is to be delivered.

Seems to me that your running Squid is not running chrooted.

The release of Squid-2.5.STABLE11 is blocked until it can be resolved what
is going on in your installation.

After reading your signal comments above I have one idea. If Squid is not
configured to chroot AND the OS does not allow users to send signals to
processes running as their effective user id but different real user id
then the current patch would cause "squid -k" problems due to the second
part.

I have updated the patch slightly to account for this posisble situation.
Please test if the updates patch makes any difference.

Regards
Henrik
Received on Mon Jun 27 2005 - 15:25:08 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:03 MDT