On Mar 1, 2008, at 2:14 AM, Amos Jeffries wrote:
RW wrote:
On Tue, 26 Feb 2008 12:25:06 +0200
Angela Williams <angie@xxxxxxxxx> wrote:
On Tuesday 26 February 2008, Ric wrote:
I'm wondering why we require "squid -z" before starting up Squid for the first time. Is there some reason why Squid shouldn't do this automatically when necessary?
Just a simple scenario?
I use a separate cache file system for all my many squid boxes. Now for some reason one of the boxes gets bounced and my squid cache filesystem fails to mount, but squid comes up happily and says, "Oh look, I don't have any cache directory structure, so let me make one!" The root filesystem is limited in space, and then this dirty great big directory structure is created and then gets used by squid. In the twinkling of an eye the root filesystem is full!
I don't think this could actually happen unless the admin does something perverse.
If squid is run under its own user, it would own the mounted filesystem, but the mountpoint should still belong to root, operator or whatever. The squid daemon wouldn't be able to write the cache directories under the mountpoint unless the admin had explicitly given it write permission or changed the ownership of the mountpoint to the squid user (even though squid doesn't do the mounting). OTOH when you run squid as root (which you probably shouldn't do anyway)
To do most of what squid is expected to do these days: net-load routing, fastest-path detection, transparency, acceleration (reverse-proxy), pmtu alteration, other kernel-level socket operations.
It _requires_ starting as root and dropping its own privileges down to effective-user when no longer needed.
the cache directory needs to be owned by "cache_effective_user" for squid to use it.
It does anyway, root-started or non-root.
Are you willing to require all squid users to have another layer of directory structure chown'd to effective-user just for your feature? Adrian has already made the offer to commit the code if you write it.
Amos
To be fair to RW, I don't think he was asking for this feature. I was. RW was just offering an opinion on the technical merits of Angela's argument. In any case, this argument is moot since a config flag that defaults to "off" seems acceptable to all.
Ric
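As an added example (not code from this thread or from the Squid project), here is a pre-start guard that implements the check Angela's scenario calls for: only run "squid -z" or start squid when cache_dir is the root of its own mounted filesystem and is owned by cache_effective_user, so a cache filesystem that failed to mount is never silently recreated on the root filesystem. It assumes Linux with GNU coreutils (stat -c) and that squid.conf's cache_dir matches the directory passed in; the path /var/spool/squid and the user proxy are placeholders.

```shell
#!/bin/sh
# Added example for this thread, not Squid's own code. Guards "squid -z"
# and startup with the check the discussion is about: cache_dir must be the
# root of its own mounted filesystem and be owned by cache_effective_user.
# Assumes Linux with GNU coreutils (stat -c); paths and users are placeholders.

# is_mountpoint DIR: 0 if DIR is the root of a mounted filesystem.
# A mountpoint's parent is on a different device; "/" is its own parent.
is_mountpoint() {
    [ -d "$1" ] || return 1
    dev=$(stat -c %d "$1") && pdev=$(stat -c %d "$1/..") || return 1
    ino=$(stat -c %i "$1") && pino=$(stat -c %i "$1/..") || return 1
    [ "$dev" != "$pdev" ] || [ "$ino" = "$pino" ]
}

# owned_by DIR USER: 0 if DIR is owned by USER (the cache_effective_user).
owned_by() {
    [ "$(stat -c %U "$1" 2>/dev/null)" = "$2" ]
}

# check_cache_dir DIR USER: both tests, with the reason for any refusal.
check_cache_dir() {
    if ! is_mountpoint "$1"; then
        echo "refusing: $1 is not a mounted filesystem (mount failed?)" >&2
        return 1
    fi
    if ! owned_by "$1" "$2"; then
        echo "refusing: $1 is not owned by cache_effective_user $2" >&2
        return 1
    fi
    return 0
}

# maybe_init_cache DIR USER: run "squid -z" only when the guard passes and
# the hierarchy has never been created (no level-1 "00" dir, default ufs
# layout). Assumes squid.conf's cache_dir points at DIR.
maybe_init_cache() {
    check_cache_dir "$1" "$2" || return 1
    if [ ! -d "$1/00" ]; then
        squid -z || return 1
    fi
}

# Placeholder invocation (path and user are examples, not real defaults):
# maybe_init_cache /var/spool/squid proxy && squid
```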