<div dir="ltr">root@t4240qds:~# chown -R nobody:nogroup /var/logs<br>root@t4240qds:~# /usr/sbin/squid -k parse<br>2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'<br>2015/02/13 12:27:14| Startup: Initialized Authentication.<br>2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)<br>2015/02/13 12:27:14| Processing: cache_mgr <a href="mailto:priyaiitmandi@gmail.com">priyaiitmandi@gmail.com</a><br>2015/02/13 12:27:14| Processing: visible_hostname t4240qds<br>2015/02/13 12:27:14| Processing: cache_effective_user nobody<br>2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8<br>2015/02/13 12:27:14| Processing: acl mynet src <a href="http://10.116.65.0/24">10.116.65.0/24</a><br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://10.0.0.0/8">10.0.0.0/8</a>    # RFC1918 possible internal network<br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://172.16.0.0/12">172.16.0.0/12</a>    # RFC1918 possible internal network<br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://192.168.0.0/16">192.168.0.0/16</a>    # RFC1918 possible internal network<br>2015/02/13 12:27:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range<br>2015/02/13 12:27:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines<br>2015/02/13 12:27:14| Processing: acl SSL_ports port 443<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 80        # http<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 21        # ftp<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 443        # https<br>2015/02/13 12:27:14| Processing: acl 
Safe_ports port 70        # gopher<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 210        # wais<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535    # unregistered ports<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 280        # http-mgmt<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 488        # gss-http<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 591        # filemaker<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 777        # multiling http<br>2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT<br>2015/02/13 12:27:14| Processing: http_access deny !Safe_ports<br>2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports<br>2015/02/13 12:27:14| Processing: http_access allow localhost manager<br>2015/02/13 12:27:14| Processing: http_access deny manager<br>2015/02/13 12:27:14| Processing: http_access allow mynet<br>2015/02/13 12:27:14| Processing: http_access allow localnet<br>2015/02/13 12:27:14| Processing: http_access allow localhost<br>2015/02/13 12:27:14| Processing: http_access deny all<br>2015/02/13 12:27:14| Processing: http_port <a href="http://10.116.65.155:8080">10.116.65.155:8080</a><br>2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256<br>2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid<br>2015/02/13 12:27:14| Processing: refresh_pattern ^ftp:        1440    20%    10080<br>2015/02/13 12:27:14| Processing: refresh_pattern ^gopher:    1440    0%    1440<br>2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%    0<br>2015/02/13 12:27:14| Processing: refresh_pattern .        
0    20%    4320<br>WARNING: Cannot write log file: /var/logs/cache.log<br>/var/logs/cache.log: Permission denied<br>         messages will be sent to 'stderr'.<br>root@t4240qds:~# ls -ld /var/logs        <br>drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 13, 2015 at 5:12 PM, Priya Agarwal <span dir="ltr"><<a href="mailto:priyaiitmandi@gmail.com" target="_blank">priyaiitmandi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Then it is unable to write cache.log:<br></div>Here is the output:<br><br>root@t4240qds:~# /usr/sbin/squid -k parse<br>2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'<br>2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'<br>2015/02/13 12:27:14| Startup: Initialized Authentication.<br>2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)<br>2015/02/13 12:27:14| Processing: cache_mgr <a href="mailto:priyaiitmandi@gmail.com" target="_blank">priyaiitmandi@gmail.com</a><br>2015/02/13 12:27:14| Processing: visible_hostname t4240qds<br>2015/02/13 12:27:14| Processing: cache_effective_user nobody<br>2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8<br>2015/02/13 12:27:14| Processing: acl mynet src <a href="http://10.116.65.0/24" target="_blank">10.116.65.0/24</a><br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>    # RFC1918 possible internal network<br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>    # RFC1918 possible internal 
network<br>2015/02/13 12:27:14| Processing: acl localnet src <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>    # RFC1918 possible internal network<br>2015/02/13 12:27:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range<br>2015/02/13 12:27:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines<br>2015/02/13 12:27:14| Processing: acl SSL_ports port 443<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 80        # http<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 21        # ftp<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 443        # https<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 70        # gopher<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 210        # wais<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535    # unregistered ports<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 280        # http-mgmt<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 488        # gss-http<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 591        # filemaker<br>2015/02/13 12:27:14| Processing: acl Safe_ports port 777        # multiling http<br>2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT<br>2015/02/13 12:27:14| Processing: http_access deny !Safe_ports<br>2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports<br>2015/02/13 12:27:14| Processing: http_access allow localhost manager<br>2015/02/13 12:27:14| Processing: http_access deny manager<br>2015/02/13 12:27:14| Processing: http_access allow mynet<br>2015/02/13 12:27:14| Processing: http_access allow localnet<br>2015/02/13 12:27:14| Processing: http_access allow localhost<br>2015/02/13 12:27:14| Processing: http_access deny all<br>2015/02/13 12:27:14| Processing: http_port <a href="http://10.116.65.155:8080" target="_blank">10.116.65.155:8080</a><br>2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 
16 256<br>2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid<br>2015/02/13 12:27:14| Processing: refresh_pattern ^ftp:        1440    20%    10080<br>2015/02/13 12:27:14| Processing: refresh_pattern ^gopher:    1440    0%    1440<br>2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%    0<br>2015/02/13 12:27:14| Processing: refresh_pattern .        0    20%    4320<br>WARNING: Cannot write log file: /var/logs/cache.log<br>/var/logs/cache.log: Permission denied<br>         messages will be sent to 'stderr'.<br>root@t4240qds:~# ls -ld /var/logs        <br><span class="">drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs<br><br><br></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <span dir="ltr"><<a href="mailto:Antony.Stone@squid.open.source.it" target="_blank">Antony.Stone@squid.open.source.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:<br>
<br>
> So sorry. In squid.conf I had done cache_effective_user to nobody and set<br>
> permissions of /var and /usr to nobody. So those are the permissions.<br>
<br>
</span>Are you saying that /var is owned by 'nobody'?<br>
<br>
That sounds like a problem for the system to me.  /var should be owned by<br>
root; if you want to have subdirectories owned by 'nobody', or with<br>
permissions to let 'nobody' write to them, that's okay, but I think /var being<br>
owned by 'nobody' will cause more problems than just for squid.<br>
<span><br>
> root@t4240qds:/var/logs# ls -al /var/logs/access.log<br>
> ls: cannot access /var/logs/access.log: No such file or directory<br>
> root@t4240qds:/var/logs# ls -ld /var/logs<br>
> drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs<br>
<br>
</span>Maybe someone more familiar with squid than I am can comment on this, but<br>
isn't the log file opened before squid drops its privileges (same as the<br>
network sockets), so you don't actually need the logfile path to be writable<br>
by the squid_effective_user?<br>
<br>
Regards,<br>
<br>
<br>
Antony.<br>
<span><font color="#888888"><br>
--<br>
All generalisations are inaccurate.<br>
</font></span><div><div><br>
                                                   Please reply to the list;<br>
                                                         please *don't* CC me.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
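Added example, not part of the original thread: a shell audit of the ownership policy described in the reply above (ancestors such as /var owned by root, only the log directory itself owned by the `cache_effective_user` account). The function names, the `stop` argument and the reliance on `stat -c` (GNU coreutils or BusyBox) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU or BusyBox stat (-c).
# Policy checked: ancestors such as /var are owned by root (uid 0); only the
# log directory itself belongs to the cache_effective_user account.

# Print every ancestor of DIR (DIR itself excluded), walking up to STOP
# (default /), whose owner uid is not WANT_UID. No output = clean chain.
ancestors_not_owned_by() {
    want_uid=$1; dir=$2; stop=${3:-/}
    dir=$(cd "$dir" && pwd -P) || return 2
    stop=$(cd "$stop" && pwd -P) || return 2
    while [ "$dir" != "$stop" ] && [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        uid=$(stat -c '%u' "$dir") || return 2
        [ "$uid" = "$want_uid" ] || printf '%s owner-uid=%s\n' "$dir" "$uid"
    done
}

# Return 0 only if DIR is owned by SVC_UID, the owner has rwx, and neither
# group nor other can write; otherwise print the reason and return 1.
leaf_ok() {
    svc_uid=$1; dir=$2
    uid=$(stat -c '%u' "$dir") || return 2
    mode=$(stat -c '%a' "$dir") || return 2
    if [ "$uid" != "$svc_uid" ]; then
        echo "$dir: owner uid=$uid, expected $svc_uid"; return 1
    fi
    if [ $(( (0$mode >> 6) & 7 )) -ne 7 ]; then
        echo "$dir: mode $mode lacks owner rwx"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is group/other-writable"; return 1
    fi
    return 0
}

# Usage: sh audit.sh /var/logs nobody
if [ "$#" -eq 2 ]; then
    svc=$(id -u "$2") || exit 2
    ancestors_not_owned_by 0 "$1"
    leaf_ok "$svc" "$1"
fi
```

Any line printed by `ancestors_not_owned_by 0 /var/logs` names a parent directory that is not owned by root, which is the condition the reply warns about for /var.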