Re: [squid-users] Problem writing squid PID file when tproxy is enabled.

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 13 Feb 2007 23:15:15 +0100

Tue 2007-02-13 at 11:31 +0530, Logu wrote:

> My quick analysis showed that the issue is caused by the capset() call in
> leave_suid(). Not sure how it affects creating the pid file, though this
> happens well before the leave_suid() call.

Squid starts leaving suid very early, then bounces back to root
momentarily to perform privileged actions.

I think I understand what happens here... if you have TPROXY enabled
Squid drops quite a few capabilities to be able to keep some without
running as root. One of those capabilities dropped is CAP_FOWNER and as
a result the pid file can only be created in directories owned by root.

You can verify if this is the cause by removing the enter/leave_suid
calls from tools.c writePidFile() and around the related safeunlink call
in main.c squidShutdown().

Regards
Henrik

Received on Tue Feb 13 2007 - 15:15:21 MST
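
Added example, not part of the original message or of Squid's source: a small C diagnostic that decodes the effective capability mask from `/proc/<pid>/status`, to check which capabilities a process still holds after a capset() call like the one discussed above. The function names, the `BIT_*` enum and the sample status text (mask `0x1c00`) are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
enum { BIT_DAC_OVERRIDE = 1, BIT_FOWNER = 3, BIT_NET_BIND_SERVICE = 10,
       BIT_NET_BROADCAST = 11, BIT_NET_ADMIN = 12 };

/* Constructed sample (not from a real Squid): only three network caps kept. */
static const char SAMPLE_STATUS[] =
    "Name:\tsquid\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000001c00\n"
    "CapEff:\t0000000000001c00\n";

/* Find `field` (e.g. "CapEff:") at the start of a line and parse its hex
 * mask. Returns 0 on success, -1 if the field is absent or malformed. */
int parse_cap_field(const char *text, const char *field, unsigned long long *mask)
{
    size_t flen = strlen(field);
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, field, flen) == 0) {
            const char *p = line + flen;
            while (*p == ' ' || *p == '\t') p++;
            if (!isxdigit((unsigned char)*p)) return -1;
            *mask = strtoull(p, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int has_cap(unsigned long long mask, int bit) { return (int)((mask >> bit) & 1ULL); }

int main(int argc, char **argv)
{
    char path[64], buf[8192];
    unsigned long long eff;
    snprintf(path, sizeof path, "/proc/%s/status", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    if (parse_cap_field(n ? buf : SAMPLE_STATUS, "CapEff:", &eff) != 0) return 1;
    printf("CapEff=%016llx FOWNER=%d DAC_OVERRIDE=%d NET_ADMIN=%d\n", eff, has_cap(eff, BIT_FOWNER), has_cap(eff, BIT_DAC_OVERRIDE), has_cap(eff, BIT_NET_ADMIN));
    return 0;
}
```

Run it with the PID of the process to inspect as the only argument; with no argument it reports on itself.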
