[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-users
Subject: Re: [squid-users] squid 3.5 with auth and chroot
From: Jorgeley Junior <jorgeley () gmail ! com>
Date: 2015-07-24 15:01:29
Message-ID: CAMeoTHmv1_Z0CJaq7mgGnrRPtkuD90mftUT1Qg6B5zno65_kMw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
That's are good ideas, I'll try them.
Thanks!!!
2015-07-24 11:57 GMT-03:00 Amos Jeffries <squid3@treenet.co.nz>:
> On 25/07/2015 2:22 a.m., Jorgeley Junior wrote:
> > Thank you so much for the help.
>
> Cant be much help sorry. I'm just guessing here. Never actually run
> Squid in a chroot myself.
>
> > So, I use the directive 'chroot' in the squid.conf.
> > I start squid this way:
> > cd /etc/squid-3.5.6
> > sbin/squid
> > and it starts normally, but when I open the client browser and do an
> > authentication it logs the errors and don't authenticate, but the squid
> > doesn't stop running, just it logs the error and do not authenticate.
>
> I've just looked up what is displaying that error and why. It is more of
> the code wrongly using errno to display error text. So the message
> itself may be bogus, but some error is happening when fork()'ing and
> execv()'ing the helper process.
>
> Some things I think you should try;
>
> 1) configure Squid with the full non-chroot path of the binary in the
> auth_param line.
>
> 2) enter the chroot, downgrade yourself to the squid low-privilege user,
> then try running the helper. Thats whats Squid is doing.
>
> 3) try the chroot directive in squid.conf with a '/' on the end
>
> I'm out of ideas at this point. Apart from patching your squid to fix
> the errno usage in ipcCreate() just to see if some other error message
> appears. Sad thing about thtat is that I'm not sure what syscall is
> supposed to be error-reported there, quite a few happen in sequence.
>
> Amos
>
>
--
[Attachment #5 (text/html)]
<div dir="ltr"><div>That's are good ideas, I'll try \
them.<br></div>Thanks!!!<br></div><div class="gmail_extra"><br><div \
class="gmail_quote">2015-07-24 11:57 GMT-03:00 Amos Jeffries <span dir="ltr"><<a \
href="mailto:squid3@treenet.co.nz" \
target="_blank">squid3@treenet.co.nz</a>></span>:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><span class="">On 25/07/2015 2:22 a.m., Jorgeley Junior \
wrote:<br> > Thank you so much for the help.<br>
<br>
</span>Cant be much help sorry. I'm just guessing here. Never actually run<br>
Squid in a chroot myself.<br>
<span class=""><br>
> So, I use the directive 'chroot' in the squid.conf.<br>
> I start squid this way:<br>
> cd /etc/squid-3.5.6<br>
> sbin/squid<br>
> and it starts normally, but when I open the client browser and do an<br>
> authentication it logs the errors and don't authenticate, but the squid<br>
> doesn't stop running, just it logs the error and do not authenticate.<br>
<br>
</span>I've just looked up what is displaying that error and why. It is more \
of<br> the code wrongly using errno to display error text. So the message<br>
itself may be bogus, but some error is happening when fork()'ing and<br>
execv()'ing the helper process.<br>
<br>
Some things I think you should try;<br>
<br>
1) configure Squid with the full non-chroot path of the binary in the<br>
auth_param line.<br>
<br>
2) enter the chroot, downgrade yourself to the squid low-privilege user,<br>
then try running the helper. Thats whats Squid is doing.<br>
<br>
3) try the chroot directive in squid.conf with a '/' on the end<br>
<br>
I'm out of ideas at this point. Apart from patching your squid to fix<br>
the errno usage in ipcCreate() just to see if some other error message<br>
appears. Sad thing about thtat is that I'm not sure what syscall is<br>
supposed to be error-reported there, quite a few happen in sequence.<br>
<span class="HOEnZb"><font color="#888888"><br>
Amos<br>
<br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div \
class="gmail_signature"><div style="text-align:left"><font \
size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font \
size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AA \
AAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
</div>
[Attachment #6 (text/plain)]
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic