Wait. Squid 3.5.20? So ancient?
12.09.2017 1:58, Rohit Sodhia wrote:
> sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
>
> I used the line from the Stack Overflow question I linked earlier.
>
> On Mon, Sep 11, 2017 at 3:41 PM, Yuri <yvoi...@gmail.com> wrote:
>
> Well. Let's check more deep.
>
> Show me parameter sslcrtd_program in your squid.conf
>
> 12.09.2017 1:23, Rohit Sodhia wrote:
>> Unfortunately, no luck yet. Thank you again for your help before.
>>
>> I found that the user squid and group squid existed already, so I added
>>
>> cache_effective_user squid
>> cache_effective_group squid
>>
>> to my config (first two lines), made sure /var/lib/ssl_db and its contents were set to squid:squid and restarted the service, but I'm still getting the same error :(
>>
>> On Mon, Sep 11, 2017 at 2:42 PM, Rohit Sodhia <sodhia.ro...@gmail.com> wrote:
>>
>> I'll try that immediately, thanks! I appreciate all your advice; hopefully I won't have to reach out again :p
>>
>> On Mon, Sep 11, 2017 at 2:39 PM, Yuri <yvoi...@gmail.com> wrote:
>>
>> I'm not Linux fanboy, but modern squid never runs as root. So, most probably it runs as nobody user.
>>
>> Ah, yes:
>>
>> # TAG: cache_effective_user
>> # If you start Squid as root, it will change its effective/real
>> # UID/GID to the user specified below. The default is to change
>> # to UID of nobody.
>> # see also; cache_effective_group
>> #Default:
>> # cache_effective_user nobody
>>
>> # TAG: cache_effective_group
>> # Squid sets the GID to the effective user's default group ID
>> # (taken from the password file) and supplementary group list
>> # from the groups membership.
>> #
>> # If you want Squid to run with a specific GID regardless of
>> # the group memberships of the effective user then set this
>> # to the group (or GID) you want Squid to run as. When set
>> # all other group privileges of the effective user are ignored
>> # and only this GID is effective. If Squid is not started as
>> # root the user starting Squid MUST be member of the specified
>> # group.
>> #
>> # This option is not recommended by the Squid Team.
>> # Our preference is for administrators to configure a secure
>> # user account for squid with UID/GID matching system policies.
>> #Default:
>> # Use system group memberships of the cache_effective_user account
>>
>> As documented. :)
>>
>> AFAIK best solution is create non-privileged group & user (like squid/squid) and set both these parameters explicitly.
>>
>> Then change owner recursively on SSL cache to this user.
>>
>> 12.09.2017 0:36, Rohit Sodhia wrote:
>>> Neither of those values are set in my config. Even though I'm not using squid for caching, I need those values? They aren't set in the default configs either.
>>>
>>> On Mon, Sep 11, 2017 at 2:33 PM, Yuri <yvoi...@gmail.com> wrote:
>>>
>>> Most probably your squid runs as another user than squid.
>>>
>>> Check your squid.conf for cache_effective_user and cache_effective_group values.
>>>
>>> Then change SSL cache permissions to these values. Should work.
>>>
>>> 12.09.2017 0:30, Rohit Sodhia wrote:
>>>> Thanks for the feedback! I just used yum (it's a CentOS 7 VB) and it set it up like that. I changed the owner and group to squid:squid and tried restarting squid, but still get the same errors. I thought to run the command again, but this time it says
>>>>
>>>> /usr/lib64/squid/ssl_crtd: Cannot create /var/lib/ssl_db
>>>>
>>>> If this folder has incorrect permissions are there possibly other permission issues?
>>>>
>>>> On Mon, Sep 11, 2017 at 2:25 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>
>>>> Here is your root of the problem.
>>>>
>>>> Should be (on my setups):
>>>>
>>>> # ls -al /var/lib/ssl_db
>>>> total 326
>>>> drwxr-xr-x 3 squid squid 5 Sep 5 00:53 .
>>>> drwxr-xr-x 8 root other 8 Sep 5 00:53 ..
>>>> drwxr-xr-x 2 squid squid 454 Sep 11 23:37 certs
>>>> -rw-r--r-- 1 squid squid 280575 Sep 11 23:37 index.txt
>>>> -rw-r--r-- 1 squid squid 7 Sep 11 23:37 size
>>>>
>>>> I.e. Squid has no access to SSL cache dir structures.
>>>>
>>>> 12.09.2017 0:23, Rohit Sodhia wrote:
>>>>> total 8
>>>>> drwxr-xr-x. 3 root root 48 Sep 11 12:42 .
>>>>> drwxr-xr-x. 32 root root 4096 Sep 11 12:42 ..
>>>>> drwxr-xr-x. 2 root root 6 Sep 11 12:42 certs
>>>>> -rw-r--r--. 1 root root 0 Sep 11 12:42 index.txt
>>>>> -rw-r--r--. 1 root root 1 Sep 11 12:42 size
>>>>>
>>>>> On Mon, Sep 11, 2017 at 2:22 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>>
>>>>> Show output of
>>>>>
>>>>> ls -al /var/lib/ssl_db
>>>>>
>>>>> 12.09.2017 0:21, Rohit Sodhia wrote:
>>>>>> Yes, but telling me it's crashing unfortunately doesn't help me figure out why or how to fix it. I've run the command it suggests but it doesn't help. I'm unfortunately not an ops guy familiar with this kind of stuff; I don't see anything on how to figure out what to do about it.
>>>>>>
>>>>>> On Mon, Sep 11, 2017 at 2:17 PM, Yuri <yvoi...@gmail.com> wrote:
>>>>>>
>>>>>> It tells you what happens.
>>>>>>
>>>>>> 11.09.2017 23:50, Rohit Sodhia wrote:
>>>>>> > (ssl_crtd): Uninitialized SSL certificate database directory:
>>>>>> > /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
>>>>>>
>>>>>> _______________________________________________
>>>>>> squid-users mailing list
>>>>>> squid-users@lists.squid-cache.org
>>>>>> http://lists.squid-cache.org/listinfo/squid-users
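A check for the diagnosis reached in this thread, as an added example that is not part of the original messages: it reads `cache_effective_user` from a config file and verifies that the certificate database has the layout shown in the listings and is owned by that account. The config path in the usage comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the account Squid drops to, read from the given squid.conf.
# Falls back to "nobody", the documented default quoted in the thread
# (a packaged build may compile in a different default).
effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 }
         END { print (u == "" ? "nobody" : u) }' "$1"
}

# audit_ssl_db DIR OWNER
# OWNER is a user name or numeric UID. Returns 0 if DIR has the layout
# from the thread's listings (certs/, index.txt, size) and every entry is
# owned by OWNER, 1 if not, 2 if the ownership check could not run.
audit_ssl_db() {
    db=$1 owner=$2 rc=0
    [ -d "$db" ] || { echo "missing: $db"; return 1; }
    [ -d "$db/certs" ] || { echo "missing: $db/certs"; rc=1; }
    for f in index.txt size; do
        [ -f "$db/$f" ] || { echo "missing: $db/$f"; rc=1; }
    done
    # With modes 755/644 as in the listings, only the owner can write,
    # so any entry owned by someone else blocks the helper.
    wrong=$(find "$db" ! -user "$owner") || {
        echo "ownership check failed for owner: $owner"
        return 2
    }
    if [ -n "$wrong" ]; then
        echo "not owned by $owner:"
        echo "$wrong" | sed 's/^/  /'
        rc=1
    fi
    return $rc
}

# Typical use on the proxy host (config path is an assumption):
#   audit_ssl_db /var/lib/ssl_db "$(effective_user /etc/squid/squid.conf)"
```

A non-zero result with "not owned by" lines corresponds to the root-owned listing posted in the thread; the fix discussed there is a recursive `chown` of the directory to the effective user.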