[squid-users] Re: Why squid -z

From: RW <fbsd06@dont-contact.us>
Date: Sat, 1 Mar 2008 17:51:46 +0000

On Sat, 01 Mar 2008 23:14:30 +1300
Amos Jeffries <squid3@treenet.co.nz> wrote:

> RW wrote:
> > On Tue, 26 Feb 2008 12:25:06 +0200
> > Angela Williams <angie@eoh.co.za> wrote:
> > Root filesystem is limited in space and then this dirty great
> >> big directory structure is created and then gets used by squid. In
> >> the twinkling of an eye the root filesystem is full!
> >
> > I don't think this could actually happen unless the admin does
> > something perverse.
> >
> > If squid is run under it's own user, it would own the mounted
> > filesystem, but the mountpoint should still belong to root
> > ...
> > OTOH when you run squid as root (which you probably shouldn't do
> > anyway)
>
> To do most of what squid is expected to do these days:
> net-load routing, fastest-path detection, transparency,
> acceleration (reverse-proxy), pmtu alteration, other kernel-level
> socket operations.

I was under the impression (probably wrong) that most thing that
involved root access wouldn't commonly involve caching to disk - I
didn't know that transparent caching required root access. That was
really just an aside though.

 
> Are you willing to require all squid users to have another layer of
> directory structure chown'd to effective-user just for your feature?

No (and it's not my feature), what I'm talking about is this:

# mkdir /cache
# mount /dev/md21 /cache
#
# chown squid:squid /cache
# ls -ld /cache
drwxr-xr-x 3 squid squid 512 Mar 1 17:07 /cache
#
# umount /cache
# ls -ld /cache
drwxr-xr-x 2 root wheel 512 Mar 1 17:05 /cache

i.e, when the filesystem is not mounted, /cache doesn't belong to
squid

My point was that Angela's objection to auto-initialization is
not well founded. And since hers was the only specific objection to
on-by-default, I thought it worth mentioning.

I don't really care much about this myself, but I do see merit in
having squid do something useful "out-of-the-box", e.g. work as a basic
cache with access from localhost and private addresses - and that
requires automatic initialization of a default cache directory. OTOH
that could perhaps become a packaging issue once the option is added.
Received on Sat Mar 01 2008 - 10:52:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT