On Friday 18 July 2003 00.52, Adam Aube wrote:
> where some path is writeable by you. Note that you
> won't be able to bind Squid to a port lower than 1024,
> and you may encounter problems elsewhere. I've never
> tried this, so I can't guarantee the overall plan
> will work.
Not running Squid as root is generally recommenteded and will work
just fine.
If Squid is run as root then chroot_dir should also be used to take
advantage of the possibility of increased security. The use of
chroot_dir is basically the only valid motivation why Squid should be
started as root and secures Squid beyond what starting Squid as a
non-privileged user can do. (note however that the ability to use
"squid -k reconfigure" is lost in chroot_dir setups.. security comes
at a price)
Binding Squid to low ports is not a good reason why to have to start
Squid as root. There is no good reason why a proxy should need to run
on a low port, or why it should not be allowed to when started as a
non-root user on a dedicated proxy server.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Thu Jul 17 2003 - 17:12:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:10 MST