Re: [squid-users] Problem writing squid PID file when tproxy is enabled.

From: Henrik Nordstrom <[email protected]>
Date: Thu, 15 Feb 2007 13:28:48 +0100

On Wed 2007-02-14 at 11:23 +0530, Logu wrote:
> >> My quick analysis showed that the issue is caused by the capset() call in
> >> leave_suid(). Not sure how it affects creating the pid file, though this
> >> happens well before the leave_suid() call.
>
> > Squid starts leaving suid very early, then bounces back to root
> > momentarily to perform privileged actions.
>
> > I think I understand what happens here... if you have TPROXY enabled
> > Squid drops quite a few capabilities to be able to keep some without
> > running as root. One of those capabilities dropped is CAP_FOWNER and as
> > a result the pid file can only be created in directories owned by root.
>
> > You can verify if this is the cause by removing the enter/leave_suid
> > calls from tools.c writePidFile() and around the related safeunlink call
> > in main.c squidShutdown().
>
> Commenting out enter_suid() in writePidFile() is able to create the PID
> file.
> On the other side, obviously if the directory holding the PID file is owned
> by root (like /var/run in Redhat) then the same type of problem would occur.

Thanks. Please file a bug report with this information (problem
description, my guess to the cause and your validation).

Regards
Henrik

Received on Thu Feb 15 2007 - 05:28:53 MST
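
An added example, not part of the original message or of Squid's code: a small C check that decodes the CapEff mask from /proc/<pid>/status and reports whether CAP_FOWNER, the capability named in the reply above, is still in the effective set. It also reports CAP_DAC_OVERRIDE, which the thread does not mention and which is included here as an assumption because it is the capability that bypasses file permission checks; the function names and the sample status text are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CAP_BIT_DAC_OVERRIDE = 1, CAP_BIT_FOWNER = 3, CAP_BIT_NET_ADMIN = 12 }; /* <linux/capability.h> */
enum { MISSING_DAC_OVERRIDE = 1, MISSING_FOWNER = 2 };

/* Constructed sample (not from the thread): only capability bits 10, 12, 13 kept = 0x3400. */
static const char SAMPLE_STATUS[] =
    "Name:\tsquid\nCapPrm:\t0000000000003400\n"
    "CapEff:\t0000000000003400\n";

/* Find the CapEff line in /proc/<pid>/status text; 0 on success, -1 if absent or empty. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            /* Skip blanks only, so an empty value never parses the next line. */
            const char *q = p + 7 + strspn(p + 7, " \t");
            if (!isxdigit((unsigned char)*q)) return -1;
            *mask = strtoull(q, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

int has_cap(unsigned long long mask, int bit) { return (int)((mask >> bit) & 1ULL); }

/* Flags for the file-permission capabilities absent from the effective set. */
int missing_file_caps(unsigned long long mask)
{
    return (has_cap(mask, CAP_BIT_DAC_OVERRIDE) ? 0 : MISSING_DAC_OVERRIDE) |
           (has_cap(mask, CAP_BIT_FOWNER) ? 0 : MISSING_FOWNER);
}

int main(void)
{
    char buf[8192];
    const char *text = SAMPLE_STATUS; /* used when /proc is unavailable */
    unsigned long long mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); text = buf; }
    if (parse_cap_eff(text, &mask) != 0) return 1;
    printf("CapEff=%016llx missing_file_caps=%d\n", mask, missing_file_caps(mask));
    return 0;
}
```

Run as written it inspects its own process; to inspect a running daemon, feed `parse_cap_eff` the contents of that process's `/proc/<pid>/status` instead.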
