'Re: [squid-users] squid 3.5 with auth and chroot'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] squid 3.5 with auth and chroot
From:       Jorgeley Junior <jorgeley () gmail ! com>
Date:       2015-07-24 15:01:29
Message-ID: CAMeoTHmv1_Z0CJaq7mgGnrRPtkuD90mftUT1Qg6B5zno65_kMw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


That's are good ideas, I'll try them.
Thanks!!!

2015-07-24 11:57 GMT-03:00 Amos Jeffries <squid3@treenet.co.nz>:

> On 25/07/2015 2:22 a.m., Jorgeley Junior wrote:
> > Thank you so much for the help.
>
> Cant be much help sorry. I'm just guessing here. Never actually run
> Squid in a chroot myself.
>
> > So, I use the directive 'chroot' in the squid.conf.
> > I start squid this way:
> > cd /etc/squid-3.5.6
> > sbin/squid
> > and it starts normally, but when I open the client browser and do an
> > authentication it logs the errors and don't authenticate, but the squid
> > doesn't stop running, just it logs the error and do not authenticate.
>
> I've just looked up what is displaying that error and why. It is more of
> the code wrongly using errno to display error text. So the message
> itself may be bogus, but some error is happening when fork()'ing and
> execv()'ing the helper process.
>
> Some things I think you should try;
>
> 1) configure Squid with the full non-chroot path of the binary in the
> auth_param line.
>
> 2) enter the chroot, downgrade yourself to the squid low-privilege user,
> then try running the helper. Thats whats Squid is doing.
>
> 3) try the chroot directive in squid.conf with a '/' on the end
>
> I'm out of ideas at this point. Apart from patching your squid to fix
> the errno usage in ipcCreate() just to see if some other error message
> appears. Sad thing about thtat is that I'm not sure what syscall is
> supposed to be error-reported there, quite a few happen in sequence.
>
> Amos
>
>


--

[Attachment #5 (text/html)]

<div dir="ltr"><div>That&#39;s are good ideas, I&#39;ll try \
them.<br></div>Thanks!!!<br></div><div class="gmail_extra"><br><div \
class="gmail_quote">2015-07-24 11:57 GMT-03:00 Amos Jeffries <span dir="ltr">&lt;<a \
href="mailto:squid3@treenet.co.nz" \
target="_blank">squid3@treenet.co.nz</a>&gt;</span>:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><span class="">On 25/07/2015 2:22 a.m., Jorgeley Junior \
wrote:<br> &gt; Thank you so much for the help.<br>
<br>
</span>Cant be much help sorry. I&#39;m just guessing here. Never actually run<br>
Squid in a chroot myself.<br>
<span class=""><br>
&gt; So, I use the directive &#39;chroot&#39; in the squid.conf.<br>
&gt; I start squid this way:<br>
&gt; cd /etc/squid-3.5.6<br>
&gt; sbin/squid<br>
&gt; and it starts normally, but when I open the client browser and do an<br>
&gt; authentication it logs the errors and don&#39;t authenticate, but the squid<br>
&gt; doesn&#39;t stop running, just it logs the error and do not authenticate.<br>
<br>
</span>I&#39;ve just looked up what is displaying that error and why. It is more \
of<br> the code wrongly using errno to display error text. So the message<br>
itself may be bogus, but some error is happening when fork()&#39;ing and<br>
execv()&#39;ing the helper process.<br>
<br>
Some things I think you should try;<br>
<br>
1) configure Squid with the full non-chroot path of the binary in the<br>
auth_param line.<br>
<br>
2) enter the chroot, downgrade yourself to the squid low-privilege user,<br>
then try running the helper. Thats whats Squid is doing.<br>
<br>
3) try the chroot directive in squid.conf with a &#39;/&#39; on the end<br>
<br>
I&#39;m out of ideas at this point. Apart from patching your squid to fix<br>
the errno usage in ipcCreate() just to see if some other error message<br>
appears. Sad thing about thtat is that I&#39;m not sure what syscall is<br>
supposed to be error-reported there, quite a few happen in sequence.<br>
<span class="HOEnZb"><font color="#888888"><br>
Amos<br>
<br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div \
class="gmail_signature"><div style="text-align:left"><font \
size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font \
size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AA \
AAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
 </div>


[Attachment #6 (text/plain)]

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic