Re: Serious squid problem from Henrik Nordstrom on 2000-03-16 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 16 Mar 2000 23:58:45 +0100

Have heard several reports of this during the last year, but I have not
been able to pinpoint when it happens. Presumabely something goes wrong
during a reconfigure or log rotate.

My only recommendation is to not start Squid as root, or use the
chroot_dir directive from Squid-2.3 to cause Squid to fully drop it's
root privilegies.

My startup script reads

su squid -c /usr/local/squid/bin/squid

You only need to start Squid as root if you are listening on a low port,
like port 80.

You also need to run a chown -R squid:squid /cache0 to clean up the
mess. (I have a user squid and a group squid for running Squid)

--
Henrik Nordstrom
Squid hacker
Konstantin Barinov wrote:
> Squid 2.3S2, running on solaris 2.6 (it's there for very long time,
> and 2.3S2 is the latest version I use). Problem is also very old.
> 
> The issue is that squid makes lots of swap files belonging to user root
> in spool directory. However squid is running from nobody. Look what
> the typical picture is:
> 
> l /cache0/05/C2/ ...
> -rw-r--r--   1 nobody   nobody      2189 Mar  8 16:12 001E632D
> -rw-r--r--   1 root     nobody       849 Mar 13 11:54 001E632E
> -rw-r--r--   1 root     nobody     38002 Mar 13 11:54 001E632F
> -rw-r--r--   1 nobody   nobody     19967 Mar  8 16:12 001E6330
> -rw-r--r--   1 nobody   nobody      2253 Mar  8 16:12 001E6331
> -rw-r--r--   1 nobody   nobody     17954 Mar  8 16:12 001E6332
> -rw-r--r--   1 nobody   nobody     16350 Mar  8 16:12 001E6333
> -rw-r--r--   1 root     nobody       809 Mar 15 13:48 001E6334
> -rw-r--r--   1 root     nobody       694 Mar 15 13:48 001E6335
> -rw-r--r--   1 root     nobody       810 Mar 15 13:48 001E6336
> -rw-r--r--   1 nobody   nobody     17830 Mar  8 16:12 001E6337
> -rw-r--r--   1 nobody   nobody      1297 Mar  8 16:12 001E6338
> -rw-r--r--   1 root     nobody      7303 Mar 15 13:48 001E6339
> 
> I was unable to figure out why this happens, but it messes squid operation.
> 
> Cache log says:
> 
> 2000/03/15 13:48:43| storeAufsOpenDone: (13) Permission denied
> 2000/03/15 13:48:43|    /cache0/05/C2/001E6300
> 2000/03/15 13:48:44| storeAufsOpenDone: (13) Permission denied
> 2000/03/15 13:48:44|    /cache0/05/C2/001E6300
> 2000/03/15 13:48:45| storeAufsOpenDone: (13) Permission denied
> 2000/03/15 13:48:45|    /cache0/05/C2/001E6300
> 
> Pls help, if you can. And excuse me for bothering you. ;)
> 
> rgds
> --
> Konstantin Barinov, Senior Network Manager
> INFONET AS http://infonet.ee sbr@infonet.ee

Received on Thu Mar 16 2000 - 17:50:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:16 MST