Oskar Pearson wrote:
> Things would be a lot safer if Squid got it's effective_user and
> effective_group from the command line. Squid would change uid
> immediately (before even reading the config files and acls.)
Not sure this would be the best approach to the problem.
In my opinion, if you don't want to have a Squid with root permissions
then you should not start it as root in the first place.
Simplest way to start Squid as a non-root user:
su squid -c /usr/local/squid/bin/squid -NY
(where -NY is any options you'd like to pass to Squid)
This of course does not work if Squid requires root access to acuire the
resources it needs (low ports or ICMP sockets). On some systems Squid
can be allowed to open such restricted ports even if not running as root
(see process capabilities in your OS documentation).
-- Henrik Nordstrom Spare time Squid hackerReceived on Sat May 15 1999 - 13:29:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:18 MST