Re: [squid-users] ICMP ping fails but Squid still runs

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 01 Mar 2010 10:59:52 +0100

mån 2010-03-01 klockan 16:16 +1300 skrev Amos Jeffries:

> > I did set by hand
> > pinger_program /usr/lib64/squid/pinger
> > pinger_enable on
> >
> > and i'm very shure that ping has X atributes, what am I missing?
> >
> > TIA
> >
> > LD
>
> I've been struggling with this one myself. It's something about the
> privilege levels when run under Squid.
> I suspect it's the no_suid() call when starting child helpers in
> src/ipc.cc

The squid pinger helper needs to be suid root or CAP_NET_RAW to work.
Has always been this way.

  chown root /path/to/libexec/pinger
  chmod u+s /path/to/libexec/pinger

alternatively (if filesystem capabilities is supported)

  setcap cap_net_raw=ep /path/to/libexec/pinger

Regards
Henrik
Received on Mon Mar 01 2010 - 09:59:56 MST

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 12:00:08 MST