tis 2007-02-13 klockan 11:31 +0530 skrev Logu: > My quick analysis showed that the issue is caused by the capset() call in > leave_suid(). Not sure how it affects creating the pid file, though this > happens well before the leave_suid() call. Squid starts leaving suid very early, then bounces back to root momentarily to perform privileged actions. I think I understand what happens here... if you have TPROXY enabled Squid drops quite many capabilities to be able to keep some without running as root. One of those capabilities dropped is CAP_FOWNER and as result the pid file can only be created in directories owned by root. You can verify if this is the cause by removing the enter/leave_suid calls from tools.c writePidFile() and around the related safeunlink call in main.c squidShutdown(). Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
