On 8/10/18 7:09 AM, reinerotto wrote: > At least, I have a good reason: Running squid on openwrt, where usually all > processes are root. That does not sound right to me. OpenWRT is a Linux based operating system. The security model in Linux systems is to *not* run processes as root user unless absolutely necessary. The Squid master process is started *by* root because it must be assigned some SUID privileges to special network sockets and to sub-assign regular privileges to the worker and helper processes that do the actual networking I/O stuff. > And external acl-helpers will not work, when started as nobody and trying to > run other processes. > Any answer to the original question ? > The Squid worker and helper processes handle raw I/O from remote network locations which cannot be trusted. It is extremely unsafe to run any process handling such I/O with root level privileges. Helpers do not have to be started as "nobody". They can be run as any low-privilege account. "root" account is not low-privilege enough. So the simple answer to your question is "no". But your problem may not be what you think it is. Is there anything you can provide about any error you are seeing when starting Squid? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
