I'm not a Linux fanboy, but modern squid never runs as root. So, most probably it runs as the nobody user.

Ah, yes:

#  TAG: cache_effective_user
#       If you start Squid as root, it will change its effective/real
#       UID/GID to the user specified below.  The default is to change
#       to UID of nobody.
#       see also; cache_effective_group
#Default:
# cache_effective_user nobody

#  TAG: cache_effective_group
#       Squid sets the GID to the effective user's default group ID
#       (taken from the password file) and supplementary group list
#       from the groups membership.
#
#       If you want Squid to run with a specific GID regardless of
#       the group memberships of the effective user then set this
#       to the group (or GID) you want Squid to run as. When set
#       all other group privileges of the effective user are ignored
#       and only this GID is effective. If Squid is not started as
#       root the user starting Squid MUST be member of the specified
#       group.
#
#       This option is not recommended by the Squid Team.
#       Our preference is for administrators to configure a secure
#       user account for squid with UID/GID matching system policies.
#Default:
# Use system group memberships of the cache_effective_user account

As documented. :)

AFAIK the best solution is to create a non-privileged group & user (like squid/squid) and set both of these parameters explicitly. Then change the owner recursively on the SSL cache to this user.

12.09.2017 0:36, Rohit Sodhia wrote:
> Neither of those values are set in my config. Even though I'm not
> using squid for caching, I need those values? They aren't set in the
> default configs either.
>
> On Mon, Sep 11, 2017 at 2:33 PM, Yuri <yvoi...@gmail.com> wrote:
>
>     Most probably your squid runs as another user than squid.
>
>     Check your squid.conf for cache_effective_user and
>     cache_effective_group values.
>
>     Then change SSL cache permissions to these values. Should work.
>
>
>     12.09.2017 0:30, Rohit Sodhia wrote:
>>     Thanks for the feedback! I just used yum (it's a CentOS 7 VB) and
>>     it set it up like that. I changed the owner and group to
>>     squid:squid and tried restarting squid, but still get the same
>>     errors. I thought to run the command again, but this time it says
>>
>>     /usr/lib64/squid/ssl_crtd: Cannot create /var/lib/ssl_db
>>
>>     If this folder has incorrect permissions, are there possibly other
>>     permission issues?
>>
>>     On Mon, Sep 11, 2017 at 2:25 PM, Yuri <yvoi...@gmail.com> wrote:
>>
>>         Here is the root of your problem.
>>
>>         Should be (on my setups):
>>
>>         # ls -al /var/lib/ssl_db
>>         total 326
>>         drwxr-xr-x   3 squid squid      5 Sep  5 00:53 .
>>         drwxr-xr-x   8 root  other      8 Sep  5 00:53 ..
>>         drwxr-xr-x   2 squid squid    454 Sep 11 23:37 certs
>>         -rw-r--r--   1 squid squid 280575 Sep 11 23:37 index.txt
>>         -rw-r--r--   1 squid squid      7 Sep 11 23:37 size
>>
>>         I.e. Squid has no access to SSL cache dir structures.
>>
>>
>>         12.09.2017 0:23, Rohit Sodhia wrote:
>>>         total 8
>>>         drwxr-xr-x.  3 root root   48 Sep 11 12:42 .
>>>         drwxr-xr-x. 32 root root 4096 Sep 11 12:42 ..
>>>         drwxr-xr-x.  2 root root    6 Sep 11 12:42 certs
>>>         -rw-r--r--.  1 root root    0 Sep 11 12:42 index.txt
>>>         -rw-r--r--.  1 root root    1 Sep 11 12:42 size
>>>
>>>
>>>         On Mon, Sep 11, 2017 at 2:22 PM, Yuri <yvoi...@gmail.com> wrote:
>>>
>>>             Show output of
>>>
>>>             ls -al /var/lib/ssl_db
>>>
>>>
>>>             12.09.2017 0:21, Rohit Sodhia wrote:
>>>>             Yes, but telling me it's crashing unfortunately doesn't
>>>>             help me figure out why or how to fix it. I've run the
>>>>             command it suggests but it doesn't help. I'm
>>>>             unfortunately not an ops guy familiar with this kind of
>>>>             stuff; I don't see anything on how to figure out what
>>>>             to do about it.
>>>>
>>>>             On Mon, Sep 11, 2017 at 2:17 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>
>>>>                 It tells you what happens.
>>>>
>>>>
>>>>                 11.09.2017 23:50, Rohit Sodhia wrote:
>>>>                 > (ssl_crtd): Uninitialized SSL certificate database directory:
>>>>                 > /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 squid-users mailing list
>>>>                 squid-users@lists.squid-cache.org
>>>>                 http://lists.squid-cache.org/listinfo/squid-users
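A check for the ownership mismatch diagnosed in this thread, as an added example that is not part of the original messages or of Squid itself: it reads the two directives from squid.conf, falls back to the documented `nobody` default when they are unset, and lists every path in the SSL certificate database that the effective user does not own. The function names, the `/etc/squid/squid.conf` default path and the "last directive wins" handling are assumptions made for this sketch.

```python
import os
import re

# Documented default: started as root with no user configured, Squid switches to "nobody".
DEFAULT_USER = "nobody"

def effective_identity(conf_text):
    """Return (user, group) as configured in squid.conf text.

    group is None when cache_effective_group is unset, in which case Squid
    uses the group memberships of the effective user.
    Assumption: if a directive appears more than once, the last one is used.
    """
    user, group = DEFAULT_USER, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):      # skips the "#Default:" documentation lines too
            continue
        m = re.match(r"(cache_effective_user|cache_effective_group)\s+(\S+)", line)
        if m and m.group(1) == "cache_effective_user":
            user = m.group(2)
        elif m:
            group = m.group(2)
    return user, group

def wrong_owner(db_dir, uid):
    """Return every path under db_dir (db_dir included) not owned by uid."""
    paths = [db_dir]
    for root, dirs, files in os.walk(db_dir):
        paths += [os.path.join(root, name) for name in dirs + files]
    return sorted(p for p in paths if os.lstat(p).st_uid != uid)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed default locations; pass the real ones as arguments.
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/squid/squid.conf"
    db = sys.argv[2] if len(sys.argv) > 2 else "/var/lib/ssl_db"
    with open(conf) as fh:
        user, group = effective_identity(fh.read())
    print(f"effective user={user} group={group or '(from user account)'}")
    for path in wrong_owner(db, pwd.getpwnam(user).pw_uid):
        print(f"not owned by {user}: {path}")
```

An empty list from `wrong_owner` means the helper can write to the whole database tree; any path it prints still needs its owner changed to the effective user.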