Unfortunately, no luck yet. Thank you again for your help before. I found that the user squid and group squid existed already, so I added

cache_effective_user squid
cache_effective_group squid

to my config (first two lines), made sure /var/lib/ssl_db and its contents were set to squid:squid and restarted the service, but I'm still getting the same error :(

On Mon, Sep 11, 2017 at 2:42 PM, Rohit Sodhia <sodhia.ro...@gmail.com> wrote:

> I'll try that immediately, thanks! I appreciate all your advice; hopefully
> I won't have to reach out again :p
>
> On Mon, Sep 11, 2017 at 2:39 PM, Yuri <yvoi...@gmail.com> wrote:
>
>> I'm not a Linux fanboy, but modern squid never runs as root. So, most
>> probably it runs as nobody user.
>>
>> Ah, yes:
>>
>> # TAG: cache_effective_user
>> # If you start Squid as root, it will change its effective/real
>> # UID/GID to the user specified below. The default is to change
>> # to UID of nobody.
>> # see also; cache_effective_group
>> #Default:
>> # cache_effective_user nobody
>>
>> # TAG: cache_effective_group
>> # Squid sets the GID to the effective user's default group ID
>> # (taken from the password file) and supplementary group list
>> # from the groups membership.
>> #
>> # If you want Squid to run with a specific GID regardless of
>> # the group memberships of the effective user then set this
>> # to the group (or GID) you want Squid to run as. When set
>> # all other group privileges of the effective user are ignored
>> # and only this GID is effective. If Squid is not started as
>> # root the user starting Squid MUST be member of the specified
>> # group.
>> #
>> # This option is not recommended by the Squid Team.
>> # Our preference is for administrators to configure a secure
>> # user account for squid with UID/GID matching system policies.
>> #Default:
>> # Use system group memberships of the cache_effective_user account
>>
>> As documented. :)
>>
>> AFAIK the best solution is to create a non-privileged group & user (like
>> squid/squid) and set both these parameters explicitly.
>>
>> Then change owner recursively on SSL cache to this user.
>>
>> 12.09.2017 0:36, Rohit Sodhia wrote:
>>
>> Neither of those values are set in my config. Even though I'm not using
>> squid for caching, I need those values? They aren't set in the default
>> configs either.
>>
>> On Mon, Sep 11, 2017 at 2:33 PM, Yuri <yvoi...@gmail.com> wrote:
>>
>>> Most probably your squid runs as another user than squid.
>>>
>>> Check your squid.conf for cache_effective_user and cache_effective_group
>>> values.
>>>
>>> Then change SSL cache permissions to these values. Should work.
>>>
>>> 12.09.2017 0:30, Rohit Sodhia wrote:
>>>
>>> Thanks for the feedback! I just used yum (it's a CentOS 7 VB) and it set
>>> it up like that. I changed the owner and group to squid:squid and tried
>>> restarting squid, but still get the same errors. I thought to run the
>>> command again, but this time it says
>>>
>>> /usr/lib64/squid/ssl_crtd: Cannot create /var/lib/ssl_db
>>>
>>> If this folder has incorrect permissions are there possibly other
>>> permission issues?
>>>
>>> On Mon, Sep 11, 2017 at 2:25 PM, Yuri <yvoi...@gmail.com> wrote:
>>>
>>>> Here is the root of your problem.
>>>>
>>>> Should be (on my setups):
>>>>
>>>> # ls -al /var/lib/ssl_db
>>>> total 326
>>>> drwxr-xr-x 3 squid squid 5 Sep 5 00:53 .
>>>> drwxr-xr-x 8 root other 8 Sep 5 00:53 ..
>>>> drwxr-xr-x 2 squid squid 454 Sep 11 23:37 certs
>>>> -rw-r--r-- 1 squid squid 280575 Sep 11 23:37 index.txt
>>>> -rw-r--r-- 1 squid squid 7 Sep 11 23:37 size
>>>>
>>>> I.e. Squid has no access to SSL cache dir structures.
>>>>
>>>> 12.09.2017 0:23, Rohit Sodhia wrote:
>>>>
>>>> total 8
>>>> drwxr-xr-x. 3 root root 48 Sep 11 12:42 .
>>>> drwxr-xr-x. 32 root root 4096 Sep 11 12:42 ..
>>>> drwxr-xr-x. 2 root root 6 Sep 11 12:42 certs
>>>> -rw-r--r--. 1 root root 0 Sep 11 12:42 index.txt
>>>> -rw-r--r--. 1 root root 1 Sep 11 12:42 size
>>>>
>>>>
>>>> On Mon, Sep 11, 2017 at 2:22 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>
>>>>> Show output of
>>>>>
>>>>> ls -al /var/lib/ssl_db
>>>>>
>>>>> 12.09.2017 0:21, Rohit Sodhia wrote:
>>>>>
>>>>> Yes, but telling me it's crashing unfortunately doesn't help me figure
>>>>> out why or how to fix it. I've run the command it suggests but it doesn't
>>>>> help. I'm unfortunately not an ops guy familiar with this kind of stuff; I
>>>>> don't see anything on how to figure out what to do about it.
>>>>>
>>>>> On Mon, Sep 11, 2017 at 2:17 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>>
>>>>>> It tells you what happens.
>>>>>>
>>>>>>
>>>>>> 11.09.2017 23:50, Rohit Sodhia wrote:
>>>>>> > (ssl_crtd): Uninitialized SSL certificate database directory:
>>>>>> > /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s
>>>>>> /var/lib/ssl_db".
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> squid-users mailing list
>>>>>> squid-users@lists.squid-cache.org
>>>>>> http://lists.squid-cache.org/listinfo/squid-users
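The ownership check discussed in this thread can be scripted; the following is an added example, not code from the thread or from the Squid project. The function names are hypothetical, the squid.conf and ssl_db paths are passed as arguments, and the fallback to "nobody" is the default quoted from the documentation above.

```shell
#!/bin/sh
# Added example: verify that the SSL certificate database tree is owned by
# the account Squid drops privileges to.

# effective_user CONF
# Print the cache_effective_user value set in CONF. Commented-out lines are
# ignored. Assumptions: the last occurrence wins, and "include"d files are
# not followed. Falls back to "nobody", the documented default.
effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 }
         END { print (u == "" ? "nobody" : u) }' "$1"
}

# unowned_entries DIR USER
# List every file and directory under DIR (DIR included) not owned by USER.
unowned_entries() {
    find "$1" ! -user "$2" -print
}

# check_ssl_db CONF DIR
# Return 0 when the whole tree is owned by the effective user, 1 when some
# entry is not, 2 when the check itself failed (unknown user, unreadable dir).
check_ssl_db() {
    user=$(effective_user "$1") || return 2
    if ! bad=$(unowned_entries "$2" "$user"); then
        printf 'could not check %s for user %s\n' "$2" "$user" >&2
        return 2
    fi
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$user" "$bad"
        return 1
    fi
    printf 'all entries under %s are owned by %s\n' "$2" "$user"
}

# Stand-alone use: sh check_ssl_db.sh /etc/squid/squid.conf /var/lib/ssl_db
if [ "$#" -eq 2 ]; then
    check_ssl_db "$1" "$2"
fi
```

Any path it reports is one that `chown -R` to the effective user did not cover, or that was recreated by a later `ssl_crtd -c` run under a different account.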