<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I'm not a Linux fanboy, but modern squid never runs as root. So,
most probably it runs as the nobody user.</p>
<p>Ah, yes:</p>
<p># TAG: cache_effective_user<br>
# If you start Squid as root, it will change its effective/real<br>
# UID/GID to the user specified below. The default is to
change<br>
# to UID of nobody.<br>
# see also; cache_effective_group<br>
#Default:<br>
# cache_effective_user nobody<br>
<br>
# TAG: cache_effective_group<br>
# Squid sets the GID to the effective user's default group ID<br>
# (taken from the password file) and supplementary group list<br>
# from the groups membership.<br>
#<br>
# If you want Squid to run with a specific GID regardless of<br>
# the group memberships of the effective user then set this<br>
# to the group (or GID) you want Squid to run as. When set<br>
# all other group privileges of the effective user are ignored<br>
# and only this GID is effective. If Squid is not started as<br>
# root the user starting Squid MUST be member of the specified<br>
# group.<br>
#<br>
# This option is not recommended by the Squid Team.<br>
# Our preference is for administrators to configure a secure<br>
# user account for squid with UID/GID matching system policies.<br>
#Default:<br>
# Use system group memberships of the cache_effective_user account<br>
</p>
<p>As documented. :)</p>
<p>AFAIK the best solution is to create a non-privileged group & user
(like squid/squid) and set both these parameters explicitly.</p>
<p>Then change owner recursively on SSL cache to this user.<br>
</p>
<br>
<div class="moz-cite-prefix">12.09.2017 0:36, Rohit Sodhia wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAN1w9tf0+h6W_T4kn49_70rexuQ6=Wy9hgTbE2mTPANE-hh3oQ@mail.gmail.com">
<div dir="ltr">Neither of those values are set in my config. Even
though I'm not using squid for caching, I need those values?
They aren't set in the default configs either.<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 11, 2017 at 2:33 PM, Yuri <span
dir="ltr"><<a href="mailto:yvoinov@gmail.com"
target="_blank" moz-do-not-send="true">yvoinov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Most probably your squid runs as another user than
squid.</p>
<p>Check your squid.conf for cache_effective_user and
cache_effective_group values.</p>
<p>Then change SSL cache permissions to these values.
Should work.<br>
</p>
<br>
<div class="m_7407759860043048659moz-cite-prefix">12.09.2017
0:30, Rohit Sodhia wrote:<br>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">
<div>Thanks for the feedback! I just used yum
(it's a CentOS 7 VB) and it set it up like that.
I changed the owner and group to squid:squid and
tried restarting squid, but still get the same
errors. I thought to run the command again, but
this time it says<br>
<br>
/usr/lib64/squid/ssl_crtd: Cannot create
/var/lib/ssl_db<br>
<br>
</div>
If this folder has incorrect permissions are there
possibly other permission issues?<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 11, 2017 at
2:25 PM, Yuri <span dir="ltr"><<a
href="mailto:yvoinov@gmail.com"
target="_blank" moz-do-not-send="true">yvoinov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Here is the root of your problem.</p>
<p>Should be (on my setups):</p>
<p># ls -al /var/lib/ssl_db<br>
total 326<br>
drwxr-xr-x 3 squid squid 5 Sep 5
00:53 .<br>
drwxr-xr-x 8 root other 8 Sep 5
00:53 ..<br>
drwxr-xr-x 2 squid squid 454 Sep 11
23:37 certs<br>
-rw-r--r-- 1 squid squid 280575 Sep 11
23:37 index.txt<br>
-rw-r--r-- 1 squid squid 7 Sep 11
23:37 size<br>
</p>
<p>I.e. Squid has no access to SSL cache dir
structures. <br>
</p>
<br>
<div
class="m_7407759860043048659m_8619755247267626566moz-cite-prefix">12.09.2017
0:23, Rohit Sodhia wrote:<br>
</div>
<div>
<div class="m_7407759860043048659h5">
<blockquote type="cite">
<div dir="ltr">total 8<br>
drwxr-xr-x. 3 root root 48 Sep 11
12:42 .<br>
drwxr-xr-x. 32 root root 4096 Sep 11
12:42 ..<br>
drwxr-xr-x. 2 root root 6 Sep 11
12:42 certs<br>
-rw-r--r--. 1 root root 0 Sep 11
12:42 index.txt<br>
-rw-r--r--. 1 root root 1 Sep 11
12:42 size<br>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep
11, 2017 at 2:22 PM, Yuri <span
dir="ltr"><<a
href="mailto:yvoinov@gmail.com"
target="_blank"
moz-do-not-send="true">yvoinov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<p>Show output of <br>
</p>
<p>ls -al /var/lib/ssl_db</p>
<br>
<div
class="m_7407759860043048659m_8619755247267626566m_551260681713239387moz-cite-prefix">12.09.2017
0:21, Rohit Sodhia wrote:<br>
</div>
<div>
<div
class="m_7407759860043048659m_8619755247267626566h5">
<blockquote type="cite">
<div dir="ltr">Yes, but
telling me it's
crashing unfortunately
doesn't help me figure
out why or how to fix
it. I've run the
command it suggests
but it doesn't help.
I'm unfortunately not
an ops guy familiar
with this kind of
stuff; I don't see
anything on how to
figure out what to do
about it.<br>
</div>
<div class="gmail_extra"><br>
<div
class="gmail_quote">On
Mon, Sep 11, 2017 at
2:17 PM, Yuri <span
dir="ltr"><<a
href="mailto:yvoinov@gmail.com"
target="_blank"
moz-do-not-send="true">yvoinov@gmail.com</a>></span> wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">It
tells you what's
happening.<br>
<br>
<br>
11.09.2017 23:50,
Rohit Sodhia
wrote:<br>
<div
class="m_7407759860043048659m_8619755247267626566m_551260681713239387HOEnZb">
<div
class="m_7407759860043048659m_8619755247267626566m_551260681713239387h5">>
(ssl_crtd):
Uninitialized
SSL
certificate
database
directory:<br>
>
/var/lib/ssl_db.
To initialize,
run "ssl_crtd
-c -s
/var/lib/ssl_db".<br>
<br>
<br>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
squid-users
mailing list<br>
<a
href="mailto:squid-users@lists.squid-cache.org"
target="_blank"
moz-do-not-send="true">squid-users@lists.squid-cache.<wbr>org</a><br>
<a
href="http://lists.squid-cache.org/listinfo/squid-users"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://lists.squid-cache.org/l<wbr>istinfo/squid-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
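<p>Added example (not part of the original thread and not Squid's own code): a POSIX shell check for the advice in the top reply. It reads cache_effective_user and cache_effective_group from a squid.conf and lists entries in the SSL certificate database directory that are not owned by that account. The function names and the last-occurrence-wins handling of repeated directives are assumptions; the config file and directory are passed as arguments.</p>

```shell
#!/bin/sh
# Added example, not from the thread: check that the ssl_crtd database
# directory is owned by the account Squid drops privileges to.

# Print a squid.conf directive's value, or DEFAULT when it is not set.
# Commented-out lines never match: their first field starts with '#'.
# Assumption: if a directive is repeated, the last occurrence is used.
directive_value() {  # usage: directive_value CONF NAME DEFAULT
    awk -v name="$2" -v def="$3" '
        $1 == name { val = $2 }
        END { print (val == "" ? def : val) }' "$1"
}

# List entries under DIR not owned by USER (account name or numeric UID).
not_owned_by() {  # usage: not_owned_by DIR USER
    find "$1" ! -user "$2" -print
}

# List entries under DIR whose group is not GROUP (name or numeric GID).
not_in_group() {  # usage: not_in_group DIR GROUP
    find "$1" ! -group "$2" -print
}

# Return 0 if DIR matches CONF, 1 on a mismatch, 2 if find itself failed
# (for example the account does not exist, so nothing can be compared).
check_ssl_db() {  # usage: check_ssl_db CONF DIR
    user=$(directive_value "$1" cache_effective_user nobody)
    group=$(directive_value "$1" cache_effective_group "")
    bad_user=$(not_owned_by "$2" "$user") || return 2
    bad_group=""
    if [ -n "$group" ]; then
        bad_group=$(not_in_group "$2" "$group") || return 2
    fi
    if [ -z "$bad_user$bad_group" ]; then
        echo "OK: $2 belongs to $user${group:+:$group}"
        return 0
    fi
    [ -z "$bad_user" ] || printf 'owner is not %s:\n%s\n' "$user" "$bad_user"
    [ -z "$bad_group" ] || printf 'group is not %s:\n%s\n' "$group" "$bad_group"
    return 1
}

# Usage: sh check_ssl_db.sh /path/to/squid.conf /var/lib/ssl_db
if [ "$#" -eq 2 ]; then
    check_ssl_db "$1" "$2"
fi
```

<p>Exit status 2 means the configured account could not be resolved at all, which is distinct from a directory that merely has the wrong owner.</p>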
</body>
</html>