root@t4240qds:~# chown -R nobody:nogroup /var/logs
root@t4240qds:~# /usr/sbin/squid -k parse
2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
2015/02/13 12:27:14| Startup: Initialized Authentication.
2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
2015/02/13 12:27:14| Processing: cache_mgr priyaiitma...@gmail.com
2015/02/13 12:27:14| Processing: visible_hostname t4240qds
2015/02/13 12:27:14| Processing: cache_effective_user nobody
2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2015/02/13 12:27:14| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2015/02/13 12:27:14| Processing: acl SSL_ports port 443
2015/02/13 12:27:14| Processing: acl Safe_ports port 80 # http
2015/02/13 12:27:14| Processing: acl Safe_ports port 21 # ftp
2015/02/13 12:27:14| Processing: acl Safe_ports port 443 # https
2015/02/13 12:27:14| Processing: acl Safe_ports port 70 # gopher
2015/02/13 12:27:14| Processing: acl Safe_ports port 210 # wais
2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2015/02/13 12:27:14| Processing: acl Safe_ports port 280 # http-mgmt
2015/02/13 12:27:14| Processing: acl Safe_ports port 488 # gss-http
2015/02/13 12:27:14| Processing: acl Safe_ports port 591 # filemaker
2015/02/13 12:27:14| Processing: acl Safe_ports port 777 # multiling http
2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
2015/02/13 12:27:14| Processing: http_access allow localhost manager
2015/02/13 12:27:14| Processing: http_access deny manager
2015/02/13 12:27:14| Processing: http_access allow mynet
2015/02/13 12:27:14| Processing: http_access allow localnet
2015/02/13 12:27:14| Processing: http_access allow localhost
2015/02/13 12:27:14| Processing: http_access deny all
2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
2015/02/13 12:27:14| Processing: refresh_pattern ^ftp: 1440 20% 10080
2015/02/13 12:27:14| Processing: refresh_pattern ^gopher: 1440 0% 1440
2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2015/02/13 12:27:14| Processing: refresh_pattern . 0 20% 4320
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
         messages will be sent to 'stderr'.
root@t4240qds:~# ls -ld /var/logs
drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs

On Fri, Feb 13, 2015 at 5:12 PM, Priya Agarwal <priyaiitma...@gmail.com> wrote:

> Then it is unable to write cache.log:
> Here is the output:
>
> root@t4240qds:~# /usr/sbin/squid -k parse
> 2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
> 2015/02/13 12:27:14| Startup: Initialized Authentication.
> 2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
> 2015/02/13 12:27:14| Processing: cache_mgr priyaiitma...@gmail.com
> 2015/02/13 12:27:14| Processing: visible_hostname t4240qds
> 2015/02/13 12:27:14| Processing: cache_effective_user nobody
> 2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
> 2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
> 2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
> 2015/02/13 12:27:14| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
> 2015/02/13 12:27:14| Processing: acl SSL_ports port 443
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 80 # http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 21 # ftp
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 443 # https
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 70 # gopher
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 210 # wais
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535 # unregistered ports
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 280 # http-mgmt
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 488 # gss-http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 591 # filemaker
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 777 # multiling http
> 2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
> 2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
> 2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
> 2015/02/13 12:27:14| Processing: http_access allow localhost manager
> 2015/02/13 12:27:14| Processing: http_access deny manager
> 2015/02/13 12:27:14| Processing: http_access allow mynet
> 2015/02/13 12:27:14| Processing: http_access allow localnet
> 2015/02/13 12:27:14| Processing: http_access allow localhost
> 2015/02/13 12:27:14| Processing: http_access deny all
> 2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
> 2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
> 2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
> 2015/02/13 12:27:14| Processing: refresh_pattern ^ftp: 1440 20% 10080
> 2015/02/13 12:27:14| Processing: refresh_pattern ^gopher: 1440 0% 1440
> 2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> 2015/02/13 12:27:14| Processing: refresh_pattern . 0 20% 4320
> WARNING: Cannot write log file: /var/logs/cache.log
> /var/logs/cache.log: Permission denied
>          messages will be sent to 'stderr'.
> root@t4240qds:~# ls -ld /var/logs
> drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>
> On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <antony.st...@squid.open.source.it> wrote:
>
>> On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:
>>
>> > So sorry. In squid.conf I had done cache_effective_user to nobody and set
>> > permissions of /var and /usr to nobody. So those are the permissions.
>>
>> Are you saying that /var is owned by 'nobody'?
>>
>> That sounds like a problem for the system to me. /var should be owned by
>> root; if you want to have subdirectories owned by 'nobody', or with
>> permissions to let 'nobody' write to them, that's okay, but I think /var being
>> owned by 'nobody' will cause more problems than just for squid.
>>
>> > root@t4240qds:/var/logs# ls -al /var/logs/access.log
>> > ls: cannot access /var/logs/access.log: No such file or directory
>> > root@t4240qds:/var/logs# ls -ld /var/logs
>> > drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>>
>> Maybe someone more familiar with squid than I am can comment on this, but
>> isn't the log file opened before squid drops its privileges (same as the
>> network sockets), so you don't actually need the logfile path to be writable
>> by the squid_effective_user?
>>
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> All generalisations are inaccurate.
>>
>> Please reply to the list;
>> please *don't* CC me.
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
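
The quoted reply turns on who owns each directory above the log file. As an added example (not part of the thread and not Squid's own code), this script walks every directory from the log file's parent up to / and reports, from owner, group and mode bits alone, whether a given user can search it and create files in the last one. It assumes GNU stat; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here.
# Needs GNU stat. Run as root so every path component can be stat'ed.
# Not modelled: root's permission override, POSIX ACLs, SELinux/AppArmor.

# perm_digit USER DIR: print the octal rwx digit (0-7) that applies to USER.
perm_digit() {
    set -- "$1" $(stat -c '%U %G %a' "$2")   # $1 user, $2 owner, $3 group, $4 mode
    if [ "$1" = "$2" ]; then
        echo $(( $4 / 100 % 10 ))            # owner class applies, even if weaker
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$3"; then
        echo $(( $4 / 10 % 10 ))             # group class
    else
        echo $(( $4 % 10 ))                  # other class
    fi
}

# audit_log_path USER /abs/path/to/logfile
# Prints one line per directory; returns 1 if any directory blocks USER.
audit_log_path() {
    case $2 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    user=$1; dir=$(dirname "$2"); need=3; rc=0   # log dir needs w+x (2+1)
    while :; do
        digit=$(perm_digit "$user" "$dir")
        if [ $(( digit & need )) -eq "$need" ]; then verdict=ok
        else verdict=BLOCKED; rc=1; fi
        echo "$verdict $(stat -c '%U:%G %a' "$dir") $dir"
        [ "$dir" = / ] && break
        dir=$(dirname "$dir"); need=1            # ancestors need only x (search)
    done
    return $rc
}

# Usage with the values from the thread: sh audit.sh nobody /var/logs/cache.log
if [ "$#" -eq 2 ]; then audit_log_path "$1" "$2"; fi
```

The owner column in the output also shows at a glance whether a system directory such as /var is still owned by root.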