> > Thank you. This is being tracked in > http://bugs.squid-cache.org/show_bug.cgi?id=3185 > > Can you test the patch I've added there please? I downloaded the file. is it bug3185_mk2.patch isn't it? This is the PATH of the file include/util.h /root/software/squid-3.2.0.6/include/util.h May I ask how can I patch it? is it something like patch -p0 < /PATH/TO/bug3185_mk2.patch or another way? I want to try. Pls help me to go ahead. >> cache_effective_user _squid > > Can be replaced by a configure option: > --with-default-user=_squid ok, I will configure and try again... >> cache_effective_group _squid > > Remove cache_effective_group. > Assign user _squid to group _squid instead (must be done anyways). i have already like this .. # id _squid uid=515(_squid) gid=515(_squid) groups=515(_squid) further, if u need. my /etc/passwd _squid:*:515:515:SquidAccount:/nonexistent:/sbin/nologin my /etc/group _squid:*:515: what else? Welcome your comments. >> # Define the access log format >> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A >> %mt below was my first log format line logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt pls see %03Hs , then. I got below complain 2011/04/08 16:25:54 kid1| WARNING: The "Hs" formatting code is deprecated. Use the ">Hs" instead. then, I changed %03Hs to %03>Hs. Then, no complain. is %03>Hs ok? > 3.2 should be complaining about that alteration to the default ... is it? yes. pls see , That's what i mentioned before. 2011/04/08 16:25:54 kid1| WARNING: The "Hs" formatting code is deprecated. Use the ">Hs" instead. >> permision of /dev/pf >> >> crw------- 1 root wheel 73, 0 Apr 1 19:30 /dev/pf >> > > Is wheel the usual group for /dev/pf? yes. the same on my other OpenBSD box running squid 2.7.9. Pls see if u need. # squid -v Squid Cache: Version 2.7.STABLE9 # ls -al /dev/pf crw------- 1 root wheel 73, 0 Dec 17 16:33 /dev/pf # tail -f /var/squid/logs/cache.log 2011/04/08 14:26:24| 0 Objects expired. 2011/04/08 14:26:24| 351 Objects cancelled. 2011/04/08 14:26:24| 0 Duplicate URLs purged. 2011/04/08 14:26:24| 0 Swapfile clashes avoided. 2011/04/08 14:26:24| Took 1.2 seconds (5811.2 objects/sec). 2011/04/08 14:26:24| Beginning Validation Procedure 2011/04/08 14:26:24| Completed Validation Procedure 2011/04/08 14:26:24| Validated 6608 Entries 2011/04/08 14:26:24| store_swap_size = 92128k 2011/04/08 14:26:25| storeLateRelease: released 0 objects no problem at all with squid 2.7.9 > I would expect some other less privileged group has read access to /dev/pf. > You then add the _squid user as a member of that low-privilege group. I did below steps. I think I will have to look in to it. I think I should discuss with OpenBSD mailing list in regard to this as they are secure by default. I love their Philosophy very much. # chgrp _squid /dev/pf # chmod g+rw /dev/pf after this , pls see cache.log , no complain in regard to pf as before. # tail -f /var/squid/logs/cache.log 2011/04/08 20:30:04 kid1| 0 Objects expired. 2011/04/08 20:30:04 kid1| 7 Objects cancelled. 2011/04/08 20:30:04 kid1| 0 Duplicate URLs purged. 2011/04/08 20:30:04 kid1| 0 Swapfile clashes avoided. 2011/04/08 20:30:04 kid1| Took 0.04 seconds (25798.56 objects/sec). 2011/04/08 20:30:04 kid1| Beginning Validation Procedure 2011/04/08 20:30:04 kid1| Completed Validation Procedure 2011/04/08 20:30:04 kid1| Validated 2117 Entries 2011/04/08 20:30:04 kid1| store_swap_size = 8998 2011/04/08 20:30:05 kid1| storeLateRelease: released 0 objects That's all I can tell you. sorry for the long mail. I think step by step info may be very helpful. anyway, Pls let me know how to patch. I love it, then, for next releases on OpenBSD, I can try. hope 2 hear from you. -- Thank you Indunil Jayasooriya
