ons 2007-02-14 klockan 11:23 +0530 skrev Logu: > >> My quick analysis showed that the issue is caused by the capset() call in > >> leave_suid(). Not sure how it affects creating the pid file, though this > >> happens well before the leave_suid() call. > > > Squid starts leaving suid very early, then bounces back to root > > momentarily to perform privileged actions. > > > I think I understand what happens here... if you have TPROXY enabled > > Squid drops quite many capabilities to be able to keep some without > > running as root. One of those capabilities dropped is CAP_FOWNER and as > > result the pid file can only be created in directories owned by root. > > > You can verify if this is the cause by removing the enter/leave_suid > > calls from tools.c writePidFile() and around the related safeunlink call > > in main.c squidShutdown(). > > Commenting out enter_suid() in writePidFile() is able to create the PID > file. > On the other side, obviously if the directory holding the PID file is owned > by root (like /var/run in Redhat) then the same type of problem would occur. Thanks. Please file a bug report with this information (problem description, my guess to the cause and your validation) Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
