<div dir="ltr">I'll try that immediately, thanks! I appreciate all your advice; hopefully I won't have to reach out again :p<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 11, 2017 at 2:39 PM, Yuri <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>I'm not a Linux fanboy, but modern squid never runs as root. So,
      most probably it runs as the nobody user.</p>
    <p>Ah, yes:</p>
    <p>#  TAG: cache_effective_user<br>
      #    If you start Squid as root, it will change its effective/real<br>
      #    UID/GID to the user specified below.  The default is to
      change<br>
      #    to UID of nobody.<br>
      #    see also; cache_effective_group<br>
      #Default:<br>
      # cache_effective_user nobody<br>
      <br>
      #  TAG: cache_effective_group<br>
      #    Squid sets the GID to the effective user's default group ID<br>
      #    (taken from the password file) and supplementary group list<br>
      #    from the groups membership.<br>
      #<br>
      #    If you want Squid to run with a specific GID regardless of<br>
      #    the group memberships of the effective user then set this<br>
      #    to the group (or GID) you want Squid to run as. When set<br>
      #    all other group privileges of the effective user are ignored<br>
      #    and only this GID is effective. If Squid is not started as<br>
      #    root the user starting Squid MUST be member of the specified<br>
      #    group.<br>
      #<br>
      #    This option is not recommended by the Squid Team.<br>
      #    Our preference is for administrators to configure a secure<br>
      #    user account for squid with UID/GID matching system policies.<br>
      #Default:<br>
      # Use system group memberships of the cache_effective_user account<br>
    </p>
    <p>As documented. :)</p>
    <p>AFAIK the best solution is to create a non-privileged group & user
      (like squid/squid) and set both these parameters explicitly.</p>
    <p>Then change owner recursively on SSL cache to this user.<br>
    </p>
    <br>
    <div class="m_79739255208442972moz-cite-prefix">12.09.2017 0:36, Rohit Sodhia wrote:<br>
    </div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">Neither of those values are set in my config. Even
        though I'm not using squid for caching, I need those values?
        They aren't set in the default configs either.<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Sep 11, 2017 at 2:33 PM, Yuri <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <p>Most probably your squid runs as another user than
                squid.</p>
              <p>Check your squid.conf for cache_effective_user and
                cache_effective_group values.</p>
              <p>Then change SSL cache permissions to these values.
                Should work.<br>
              </p>
              <br>
              <div class="m_79739255208442972m_7407759860043048659moz-cite-prefix">12.09.2017
                0:30, Rohit Sodhia wrote:<br>
              </div>
              <div>
                <div class="m_79739255208442972h5">
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>Thanks for the feedback! I just used yum
                        (it's a CentOS 7 VB) and it set it up like that.
                        I changed the owner and group to squid:squid and
                        tried restarting squid, but still get the same
                        errors. I thought to run the command again, but
                        this time it says<br>
                        <br>
                        /usr/lib64/squid/ssl_crtd: Cannot create
                        /var/lib/ssl_db<br>
                        <br>
                      </div>
                      If this folder has incorrect permissions are there
                      possibly other permission issues?<br>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Sep 11, 2017 at
                        2:25 PM, Yuri <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div text="#000000" bgcolor="#FFFFFF">
                            <p>Here is your root of the problem.</p>
                            <p>Should be (on my setups):</p>
                            <p># ls -al /var/lib/ssl_db<br>
                              total 326<br>
                              drwxr-xr-x 3 squid squid      5 Sep  5
                              00:53 .<br>
                              drwxr-xr-x 8 root  other      8 Sep  5
                              00:53 ..<br>
                              drwxr-xr-x 2 squid squid    454 Sep 11
                              23:37 certs<br>
                              -rw-r--r-- 1 squid squid 280575 Sep 11
                              23:37 index.txt<br>
                              -rw-r--r-- 1 squid squid      7 Sep 11
                              23:37 size<br>
                            </p>
                            <p>I.e. Squid has no access to SSL cache dir
                              structures. <br>
                            </p>
                            <br>
                            <div class="m_79739255208442972m_7407759860043048659m_8619755247267626566moz-cite-prefix">12.09.2017
                              0:23, Rohit Sodhia wrote:<br>
                            </div>
                            <div>
                              <div class="m_79739255208442972m_7407759860043048659h5">
                                <blockquote type="cite">
                                  <div dir="ltr">total 8<br>
                                    drwxr-xr-x.  3 root root   48 Sep 11
                                    12:42 .<br>
                                    drwxr-xr-x. 32 root root 4096 Sep 11
                                    12:42 ..<br>
                                    drwxr-xr-x.  2 root root    6 Sep 11
                                    12:42 certs<br>
                                    -rw-r--r--.  1 root root    0 Sep 11
                                    12:42 index.txt<br>
                                    -rw-r--r--.  1 root root    1 Sep 11
                                    12:42 size<br>
                                    <br>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Mon, Sep
                                      11, 2017 at 2:22 PM, Yuri <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                        <div text="#000000" bgcolor="#FFFFFF">
                                          <p>Show output of <br>
                                          </p>
                                          <p>ls -al /var/lib/ssl_db</p>
                                          <br>
                                          <div class="m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387moz-cite-prefix">12.09.2017
                                            0:21, Rohit Sodhia wrote:<br>
                                          </div>
                                          <div>
                                            <div class="m_79739255208442972m_7407759860043048659m_8619755247267626566h5">
                                              <blockquote type="cite">
                                                <div dir="ltr">Yes, but
                                                  telling me it's
                                                  crashing unfortunately
                                                  doesn't help me figure
                                                  out why or how to fix
                                                  it. I've run the
                                                  command it suggests
                                                  but it doesn't help.
                                                  I'm unfortunately not
                                                  an ops guy familiar
                                                  with this kind of
                                                  stuff; I don't see
                                                  anything on how to
                                                  figure out what to do
                                                  about it.<br>
                                                </div>
                                                <div class="gmail_extra"><br>
                                                  <div class="gmail_quote">On
                                                    Mon, Sep 11, 2017 at
                                                    2:17 PM, Yuri <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span> wrote:<br>
                                                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It
                                                      tells you what
                                                      happens.<br>
                                                      <br>
                                                      <br>
                                                      11.09.2017 23:50,
                                                      Rohit Sodhia
                                                      wrote:<br>
                                                      <div class="m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387HOEnZb">
                                                        <div class="m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387h5">>
                                                          (ssl_crtd):
                                                          Uninitialized
                                                          SSL
                                                          certificate
                                                          database
                                                          directory:<br>
                                                          >
                                                          /var/lib/ssl_db.
                                                          To initialize,
                                                          run "ssl_crtd
                                                          -c -s
                                                          /var/lib/ssl_db".<br>
                                                          <br>
                                                          <br>
                                                        </div>
                                                      </div>
                                                      <br>
______________________________<wbr>_________________<br>
                                                      squid-users
                                                      mailing list<br>
                                                      <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<wbr>org</a><br>
                                                      <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/l<wbr>istinfo/squid-users</a><br>
                                                      <br>
                                                    </blockquote>
                                                  </div>
                                                  <br>
                                                </div>
                                              </blockquote>
                                              <br>
                                            </div>
                                          </div>
                                        </div>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                </blockquote>
                                <br>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>
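<p>The check this thread works through by hand (which account Squid drops to, and whether that account owns the whole SSL certificate database) can be scripted. This is an added example, not part of the original messages or of Squid itself; the function names are hypothetical, and the fallback account is passed in by the caller because the default that applies when cache_effective_user is unset ("nobody" in the documentation quoted above) is an assumption about your build.</p>

```shell
#!/bin/sh
# Added example (not from the thread): verify that the ssl_crtd database is
# initialised and owned by the account Squid runs as after dropping root.
# Function names are hypothetical; paths are supplied by the caller.

# Print the account named by the last uncommented cache_effective_user
# directive in the given squid.conf, or the fallback when it is not set.
squid_effective_user() {
    conf=$1
    fallback=$2
    user=$(awk '$1 == "cache_effective_user" { u = $2 } END { print u }' "$conf")
    printf '%s\n' "${user:-$fallback}"
}

# List every entry under the database directory (the directory itself
# included) that is NOT owned by the given user name or numeric UID.
# Empty output means ownership is consistent.
ssl_db_wrong_owner() {
    db=$1
    user=$2
    find "$db" ! -user "$user" -print
}

# Return 0 only when the layout shown in the thread exists
# (certs/, index.txt, size) and nothing is owned by another account.
ssl_db_ok() {
    db=$1
    user=$2
    [ -d "$db/certs" ] && [ -f "$db/index.txt" ] && [ -f "$db/size" ] || return 1
    [ -z "$(ssl_db_wrong_owner "$db" "$user")" ]
}

# Stand-alone use: pass the squid.conf path and the database directory.
if [ "$#" -eq 2 ]; then
    run_as=$(squid_effective_user "$1" nobody)
    if ssl_db_ok "$2" "$run_as"; then
        echo "OK: $2 is initialised and owned by $run_as"
    else
        echo "PROBLEM: $2 is missing files or has entries not owned by $run_as:"
        ssl_db_wrong_owner "$2" "$run_as"
    fi
fi
```

<p>A listing like the root:root one posted earlier in the thread would be reported entry by entry, which shows exactly what a recursive owner change needs to cover.</p>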