Squid not running as configured
Jim Chivas
> Hi,
>
>
> On Thu, 24 Feb 2000, Jim Chivas wrote:
>
> >
> > greetings:
> >
> > After I installed 'squid' and set the 'cache_effective_user and
> > cache_effective_group' both to nobody. Squid starts up ok and the logs
> > show no errors but when I do a 'ps' command I see 3 processes. One
> > process says 'nobody' as the user but the process command it says its
> > running is '(unlinked)'. The other 2 processes seem to be squid parent and
> > child BUT running as 'root'.
> >
> > Is there an explanation for this?
> >
> The "(unlinked)" is actually "(unlinkd)" which is the daemon that keeps
> the cache clean. I would not be surprised to see the parent squid running
> as root but would have thought that the child would have the correct
> uid/gid. Does "nobody" exist in both /etc/passwd and /etc/group?
********************************************************
Yes
>
The ncsa routines are running as nobody but squid parent and child is
running as root.
Jim
> Colin
>
>
-- ---------------------------------------------------------------------
Jim Chivas, Computing/Network Services email: jch...@langara.bc.ca
Langara College fax: (604) 323-5349
100 West 49th Avenue Voice: (604) 323-5390
Vancouver, B.C., Canada http://www.langara.bc.ca
V5Y 2Z6
Henrik Nordstrom
> The ncsa routines are running as nobody but squid parent and child is
> running as root.
The child Squid process should run with
UID: root
eUID: nobody
sUID: root
If you want it to fully drop root privilegies either don't start it as
root, or use the chroot_dir directive of Squid-2.3. (available as a
patch to Squid-2.2 from http://squid.sourceforge.net/hno/squid/)
Squid by default does not fully drop root privilegies because it may be
required during reconfigure.
--
Henrik Nordstrom
Squid hacker