tis 2007-02-13 klockan 11:31 +0530 skrev Logu:
> My quick analysis showed that the issue is caused by the capset() call in
> leave_suid(). Not sure how it affects creating the pid file, though this
> happens well before the leave_suid() call.
Squid starts leaving suid very early, then bounces back to root
momentarily to perform privileged actions.
I think I understand what happens here... if you have TPROXY enabled
Squid drops quite many capabilities to be able to keep some without
running as root. One of those capabilities dropped is CAP_FOWNER and as
result the pid file can only be created in directories owned by root.
You can verify if this is the cause by removing the enter/leave_suid
calls from tools.c writePidFile() and around the related safeunlink call
in main.c squidShutdown().
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST