Then it is unable to write cache.log.
Here is the output:
root@t4240qds:~# /usr/sbin/squid -k parse
2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
2015/02/13 12:27:14| Startup: Initialized Authentication.
2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi@xxxxxxxxx
2015/02/13 12:27:14| Processing: visible_hostname t4240qds
2015/02/13 12:27:14| Processing: cache_effective_user nobody
2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2015/02/13 12:27:14| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2015/02/13 12:27:14| Processing: acl SSL_ports port 443
2015/02/13 12:27:14| Processing: acl Safe_ports port 80 # http
2015/02/13 12:27:14| Processing: acl Safe_ports port 21 # ftp
2015/02/13 12:27:14| Processing: acl Safe_ports port 443 # https
2015/02/13 12:27:14| Processing: acl Safe_ports port 70 # gopher
2015/02/13 12:27:14| Processing: acl Safe_ports port 210 # wais
2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2015/02/13 12:27:14| Processing: acl Safe_ports port 280 # http-mgmt
2015/02/13 12:27:14| Processing: acl Safe_ports port 488 # gss-http
2015/02/13 12:27:14| Processing: acl Safe_ports port 591 # filemaker
2015/02/13 12:27:14| Processing: acl Safe_ports port 777 # multiling http
2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
2015/02/13 12:27:14| Processing: http_access allow localhost manager
2015/02/13 12:27:14| Processing: http_access deny manager
2015/02/13 12:27:14| Processing: http_access allow mynet
2015/02/13 12:27:14| Processing: http_access allow localnet
2015/02/13 12:27:14| Processing: http_access allow localhost
2015/02/13 12:27:14| Processing: http_access deny all
2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
2015/02/13 12:27:14| Processing: refresh_pattern ^ftp: 1440 20% 10080
2015/02/13 12:27:14| Processing: refresh_pattern ^gopher: 1440 0% 1440
2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2015/02/13 12:27:14| Processing: refresh_pattern . 0 20% 4320
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
root@t4240qds:~# ls -ld /var/logs
drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:
On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:
> So sorry. In squid.conf I had done cache_effective_user to nobody and set
> permissions of /var and /usr to nobody. So those are the permissions.
Are you saying that /var is owned by 'nobody'?
That sounds like a problem for the system to me. /var should be owned by
root; if you want to have subdirectories owned by 'nobody', or with
permissions to let 'nobody' write to them, that's okay, but I think /var being
owned by 'nobody' will cause more problems than just for squid.
> root@t4240qds:/var/logs# ls -al /var/logs/access.log
> ls: cannot access /var/logs/access.log: No such file or directory
> root@t4240qds:/var/logs# ls -ld /var/logs
> drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
Maybe someone more familiar with squid than I am can comment on this, but
isn't the log file opened before squid drops its privileges (same as the
network sockets), so you don't actually need the logfile path to be writable
by the squid_effective_user?
Regards,
Antony.
--
All generalisations are inaccurate.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
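An added example, not from the thread or the Squid project, following the ownership question discussed above: a shell helper that walks every directory from / down to the log directory and reports the first one whose mode bits stop a given uid/gid from creating a file there. The function names `class_bits` and `check_chain` are made up here; it assumes a `stat` that supports `-c` and looks only at classic owner/group/other bits.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU or BusyBox stat (-c).
# Ignores supplementary groups, ACLs and SELinux/AppArmor policy.

# class_bits UID GID PATH: print the rwx digit (0-7) that applies to UID/GID.
class_bits() {
    st=$(stat -c '%u %g %a' "$3") || return 2
    set -- "$1" "$2" $st      # now $3=owner uid, $4=owner gid, $5=octal mode
    mode=$((0$5))
    if   [ "$1" -eq "$3" ]; then echo $(( (mode >> 6) & 7 ))   # owner class
    elif [ "$2" -eq "$4" ]; then echo $(( (mode >> 3) & 7 ))   # group class
    else                         echo $((  mode       & 7 ))   # other class
    fi
}

# check_chain UID GID DIR NEED: every ancestor of DIR must grant x (1);
# DIR itself must grant NEED (3 = w+x, enough to create a file in it).
# Prints the first directory that fails and returns 1; returns 0 if none does.
check_chain() {
    case $3 in /*) ;; *) echo "$3: need an absolute path"; return 2 ;; esac
    [ "$1" -eq 0 ] && return 0                 # root bypasses mode bits
    [ "$3" = / ] || check_chain "$1" "$2" "$(dirname "$3")" 1 || return 1
    bits=$(class_bits "$1" "$2" "$3") || { echo "$3: cannot stat"; return 1; }
    [ $(( bits & $4 )) -eq "$4" ] && return 0
    echo "$3: uid $1 gets mode bits $bits, needs $4"
    return 1
}

# Usage: sh check.sh nobody /var/logs/cache.log
if [ $# -eq 2 ]; then
    check_chain "$(id -u "$1")" "$(id -g "$1")" "$(dirname "$2")" 3
fi
```

A clean result here only rules out plain mode bits on the path; it says nothing about ACLs or mandatory access control.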