Re: 3.5.8 Arm7 socket permissions

On 29/10/2015 11:16 a.m., Darren Breeze ML wrote:
> Hi all
> 
> I have built squid 3.5.8 with yocto to run on an arm 7.
> 
> This build of the OS seems to have different permissions for processes
> opening sockets. The DNS routine fails to open a socket with the
> following error
> 
> root@test:~# 2015/10/28 22:07:43 testing| Starting Squid Cache version
> 3.5.8 for arm-poky-linux-gnueabi...
> 2015/10/28 22:07:43 kid1| Service Name: squid
> 2015/10/28 22:07:43 kid1| comm_open: socket failure: (13) Permission denied
> 2015/10/28 22:07:43 kid1| comm_open: socket failure: (13) Permission denied
> FATAL: Could not create a DNS socket
> 
> It looks like I would have to either run squid as a user that can do
> this or change this underlying permissions setting in the OS.
> 
> I would rather fix the OS rather than run squid as root.


Firstly, since this is Linux ensure you are building Squid with libcap2
support. Squid actually uses capabilities when possible.


Secondly, *Starting* Squid as root does not mean it stays that way.

Squid is actually a pair of processes, one daemon manager and a daemon.
You need to start the main "squid" binary as root so the daemon manager
can do the root things before it drops down to a low-privilege account
for the regular operations.

That low-privilege account is set by whichever of these is found first
(in this order):
* the value in squid.conf cache_effective_user
* the username X specified in --with-default-user=X
* upstream default: "nobody"

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
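
The lookup order described in the reply above, as an added shell example that is not part of the original thread or of Squid itself: it reports which account a given build and configuration will drop to. The function names, the sample `squid.conf` and the sample `squid -v` text are constructed for illustration.

```shell
#!/bin/sh
# Resolve the low-privilege account in the order given in the reply:
#   1. cache_effective_user in squid.conf
#   2. X from --with-default-user=X in the build's configure options
#   3. upstream default "nobody"

# $1 = path to squid.conf. Commented-out directives are ignored.
# Assumption: if the directive is repeated, the last occurrence is reported.
conf_user() {
    [ -r "$1" ] || return 0
    awk '$1 == "cache_effective_user" && NF >= 2 { u = $2 }
         END { if (u != "") print u }' "$1"
}

# $1 = text printed by `squid -v` (includes the configure options line).
build_user() {
    printf '%s\n' "$1" | tr " '\"" '\n\n\n' |
        sed -n 's/^--with-default-user=//p' | tail -n 1
}

# $1 = path to squid.conf, $2 = `squid -v` text. Prints the account name.
effective_user() {
    u=$(conf_user "$1")
    [ -n "$u" ] || u=$(build_user "$2")
    [ -n "$u" ] || u=nobody
    printf '%s\n' "$u"
}

# Constructed samples (not taken from the poster's system).
SAMPLE_VERSION="Squid Cache: Version 3.5.8
configure options:  '--prefix=/usr' '--with-default-user=squid'"

sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# cache_effective_user root
http_port 3128
cache_effective_user proxy
EOF

effective_user "$sample_conf" "$SAMPLE_VERSION"   # prints: proxy
rm -f "$sample_conf"

# On a real host (the squid.conf path is an assumption, adjust to your build):
#   effective_user /etc/squid/squid.conf "$(squid -v)"
```

Running `id` on the reported name confirms that the account exists on the target image and is not uid 0.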



