Hey guys back at it. I expect that Linux issues are really a much bigger problem for me than squid!
I'm running into this problem now:
/var/run/squid3.pid: (13) Permission denied
I know it's a permission problem, but not sure the optimal way of fixing it.
I created user 'proxy' and group 'squid' to run squid:
sudo addgroup --system squidsudo adduser --system --no-create-home --group proxy squid
And I set up my build config accordingly:
--with-default-user=proxy
but 'proxy' does not have access to /var/run:
lrwxrwxrwx 1 root root /var/run
This explains why /var/run/squid3.pid cannot be written, but I'm not sure simply changing ownership of /var/run to 'proxy' is the best approach given that squid is not the only service that accesses that folder. I'm thinking that I should configure the build differently.
In order to see what configurations are used in the distro package, I installed it:
sudo apt-get install squid
and had a look at the output of:
squid3 -v
These setting are troubling for me:
--prefix=/usr--localstatedir=/var--with-swapdir=/var/spool/squid3--with-logdir=/var/log/squid3--with-pidfile=/var/run/squid3.pid--datadir=/usr/share/squid3--mandir=/usr/share/man'--sysconfdir=/etc--sysconfdir=/etc/squid3
Yes --sysconfdir is defined twice! Regardless of that, wouldn't it better to set them up this way:
--prefix=/usr--localstatedir=${prefix}/var--with-swapdir=${localstatedir}/spool/squid3--with-logdir=${localstatedir}/log/squid3--with-pidfile=${localstatedir}/run/squid3.pid--datadir=${prefix}/share/squid3--mandir=${prefix}/share/man'--sysconfdir=${prefix}/etc/squid3
I'm not positive about this directive:
--sysconfdir=${prefix}/etc/squid3
that may be better left as:
--sysconfdir=/etc/squid3
I am curious about the others though. If what I've said makes sense, I'll update my build config that way and make one more change:
--prefix=/proxy
Thanks
Deiter
On Mon, Sep 7, 2015 at 6:44 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 8/09/2015 10:10 a.m., Eliezer Croitoru wrote:
> Hey Howard,
>
> I forgot to mention that squid uses the directory "/var/run/squid" as
> the IPC directory which should be owned by the proxy or squid
> user(depends on the OS).
> From what you have mentioned squid tries to access some directory and is
> getting denied by permissions.
> Please Don't run squid with a "-n" option if possible, it will limit
> your options to using only one worker(which is the default and is OK in
> most basic cases).
No. The -N (upper case) means that. On Ubuntu the -N was needed for
Upstart integration (now defunct in the custom build).
Not to be confused with -n (lower case) which means a multi-tenant /
multi-instance named service is being used.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
