On Sat, 01 Mar 2008 23:14:30 +1300 Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > RW wrote: > > On Tue, 26 Feb 2008 12:25:06 +0200 > > Angela Williams <angie@xxxxxxxxx> wrote: > > Root filesystem is limited in space and then this dirty great > >> big directory structure is created and then gets used by squid. In > >> the twinkling of an eye the root filesystem is full! > > > > I don't think this could actually happen unless the admin does > > something perverse. > > > > If squid is run under it's own user, it would own the mounted > > filesystem, but the mountpoint should still belong to root > > ... > > OTOH when you run squid as root (which you probably shouldn't do > > anyway) > > To do most of what squid is expected to do these days: > net-load routing, fastest-path detection, transparency, > acceleration (reverse-proxy), pmtu alteration, other kernel-level > socket operations. I was under the impression (probably wrong) that most thing that involved root access wouldn't commonly involve caching to disk - I didn't know that transparent caching required root access. That was really just an aside though. > Are you willing to require all squid users to have another layer of > directory structure chown'd to effective-user just for your feature? No (and it's not my feature), what I'm talking about is this: # mkdir /cache # mount /dev/md21 /cache # # chown squid:squid /cache # ls -ld /cache drwxr-xr-x 3 squid squid 512 Mar 1 17:07 /cache # # umount /cache # ls -ld /cache drwxr-xr-x 2 root wheel 512 Mar 1 17:05 /cache i.e, when the filesystem is not mounted, /cache doesn't belong to squid My point was that Angela's objection to auto-initialization is not well founded. And since hers was the only specific objection to on-by-default, I thought it worth mentioning. I don't really care much about this myself, but I do see merit in having squid do something useful "out-of-the-box", e.g. work as a basic cache with access from localhost and private addresses - and that requires automatic initialization of a default cache directory. OTOH that could perhaps become a packaging issue once the option is added.
