Re: Building squid | Best Practices?

Rafael / Amos -
I got my system up and running yesterday. Thanks so much for the help. I couldn't get some of the suggestions that Amos made to work, but they did after running some of the commands on Rafael's wiki, so a real team effort!

After getting it up and running, I found that MAC address filtering was not working. On closer inspection I found that I was running v3.3.8. I guess that’s the version my new Ubuntu install (14.04.03 LTS) uses with:
sudo apt-get install squid

I decided to try and build the latest version of squid from source and I ran into some more problems I cannot solve, so some follow-up questions:

1) Earlier in the thread, Amos suggested I run:
apt-get build-dep squid

to install the packages needed to build squid. That’s just the dependencies though right; I still need the squid source code? Sorry if that seems obvious, just want to make sure I’m not missing something. 

2) I downloaded squid-3.5.8.tar.xz. I captured the configure options from my current v3.3.8 squid install using:
squid3 -v

but it led to errors when building v3.5.8, for example:
'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'.

I suppose it’s not surprising given it’s such an old version, so I went through them all and used the ones I thought made most sense for me. I got it to build. Here’s the squid3 -v output from my v3.5.8 build:
Squid Cache: Version 3.5.8
Service Name: squid
configure options:  '--prefix=/mysquid' '--enable-arp-acl' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3' '--sysconfdir=/etc/squid3' '--with-default-user=proxy' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--build=arm-linux-gnueabihf' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--srcdir=.' '--enable-basic-auth-helpers=DB' 'build_alias=arm-linux-gnueabihf'

Here are the problems:

a) I had to change the owner of /var/log/squid3 from root to proxy:
sudo chown proxy /var/log/squid3 

Not a big deal I guess, but why can’t make install take care of the permissions?

b) It doesn’t start as a service and there’s no squid file in:
/etc/init.d/

so I cannot make the DAEMON= and CONFIG= variables point at my custom /mysquid/sbin/squid and /etc/squid3/squid.conf (I’ll change the --sysconfdir config parameter to /mysquid/etc/squid3 in a future build)

c) There’s no error when I run:
/mysquid/sbin/squid -k parse

but when I run:
/mysquid/sbin/squid -NCd1

I get:
FATAL: Ipc::Mem::Segment::create failed to shm_open(/squid-cf__metadata.shm): (13) Permission denied

It didn’t help to change the owner of the "squid-cf*" files to cache_effective_user as suggested in an online post:
-rw------- 1 proxy mysquid   8 Sep  7 09:31 /dev/shm/squid-cf__metadata.shm
-rw------- 1 proxy mysquid 8216 Sep  7 09:31 /dev/shm/squid-cf__queues.shm
-rw------- 1 proxy mysquid   44 Sep  7 09:31 /dev/shm/squid-cf__readers.shm

d) The configuration file:
/etc/squid3/squid.conf

is a lot different! For example I cannot find:
cache_effective_user

Can you point me to the updated documentation for configuring squid?

Thanks,
Deiter



On Sun, Aug 30, 2015 at 12:15 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 31/08/2015 5:27 a.m., Howard Waterfall wrote:
> Thanks again, this is valuable information!
>
> As you may have guessed, I'm asking about the user that should do builds to
> ensure that the build outputs are created with the appropriate permissions
> - I get a little concerned about security. It sounds like you are
> suggesting that I simply create a directory for my custom builds:
>
> I assign the --prefix option to the folder I create, so my build output
> goes there, and then I make sure the permissions for that folder (and its
> sub-directories) are set for the user defined by *cache_effective_user* (and
> the user defined by the ./configure option --*with-default-user*). Could
> you confirm?

Ah, no.

You set ownership of the /proxy folder to whoever amongst the local
machine user accounts you want to have the ability to build and alter
the custom Squid binaries etc. Pretty much Admin powers over Squid.

The make process should install the sub-folders with correct permissions
for the users that will be involved at run-time.

Running the init script / squid as root will take care of the rest.

[ "the rest" being:

The init script runs as root and starts the 'master process' with root
privileges. That process creates the run-time files and logs etc with
correct permissions for the effective-user account to access.

The effective-user account is the low-privilege one named in
--with-default-user and can read/exec the things it needs but not write
outside the few things the master has explicitly given it ownership of
(ie those run-time PID file, logs).

]

PS.
 You do not need to work with both --with-default-user and
cache_effective_user. All the ./configure option does is set the
built-in cache_effective_user default value.

The intention was that you use the ./configure option and omit the
squid.conf option.


NP: if you find that /proxy/var/run or /proxy/var/run/squid is missing
(sometimes it is), then create those with 777 permission and owner/group
of the Admin account.

>
> Finally (I hope), I've re-installed Ubuntu (various reasons, not just squid
> issues) and I successfully installed squid using:
> *sudo apt-get install squid3*
>
> Squid wasn't found the first time:
> *E: Unable to locate package squid3*
>
> I had to run this first:
> *sudo apt-get update*
>
> However, when I try *apt-get build-dep squid,* I get:
> *You must put some 'source' uris in your sources.list*
>
> I can't seem to get over this problem. I've un-commented every line in
> */etc/apt/sources.list* that starts with deb-src.
>
> Could you suggest a repository that I can add to */etc/apt/sources.list*?

It should be exactly the same as your normal "deb" sources.list line.
But with "deb-src" at the front. Usually the single line directly
underneath what you had uncommented before.

Mine looks like this:

  deb http://ftp.debian.org/debian unstable main contrib
  deb-src http://ftp.debian.org/debian unstable main contrib

Where I have "unstable" you would have the Ubuntu 14.04 version name
(trusty?). And different server of course.

Sorry for the vagueness there. I don't work directly with Ubuntu anymore.

The Ubuntu guys did a weird transition from squid3 to squid package
names and insisted on doing it well before the Squid-3 code could handle
the 2.7 upgrades. So things are a bit funky IMHO.

Anyhow, the source package name I think is still "squid3" which should
build the binary packages "squid" and "squid-common"
 (then:  dpkg --install squid-common_*.deb squid_*.deb ).

Amos


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
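
Added example, not part of the original thread: a small POSIX shell audit of the ownership model Amos describes above. It checks that the directory holding the Squid binaries is owned by the admin account and not writable by group or others, and that run-time directories such as the log directory belong to the low-privilege effective user. The function names are hypothetical; the paths and account names in the usage comment come from Deiter's build and are assumptions about the local layout.

```shell
#!/bin/sh
# Added example: audit a source-built Squid install against the ownership
# model from the thread. Function names are hypothetical; paths and account
# names in the usage comment are assumptions about the local layout.

# Print every entry under the given directories that is either not owned by
# the admin account or is writable by group/other. Symlinks are skipped:
# their mode bits read as 777 on Linux and do not grant write access.
audit_tree() {
    admin=$1; shift
    find "$@" ! -type l \( ! -user "$admin" -o -perm -020 -o -perm -002 \) -print
}

# Succeed only if the path itself is owned by the user (name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print)" ]
}

# Return 0 when the binaries are admin-only and every run-time directory
# listed after the binary directory belongs to the effective user.
check_install() {
    admin=$1 runtime_user=$2 bindir=$3; shift 3
    rc=0
    bad=$(audit_tree "$admin" "$bindir")
    if [ -n "$bad" ]; then
        printf 'not admin-only:\n%s\n' "$bad" >&2
        rc=1
    fi
    for d in "$@"; do
        owned_by "$d" "$runtime_user" || {
            printf '%s is not owned by %s\n' "$d" "$runtime_user" >&2
            rc=1
        }
    done
    return $rc
}

# Usage with the layout from the thread (admin account assumed to be root):
#   check_install root proxy /mysquid/sbin /var/log/squid3
```

A non-zero exit with a "not admin-only" listing means some account other than the admin could alter the installed binaries, which is the situation Amos's layout is meant to prevent.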
