[squid-users] logfileHandleWrite: daemon:/var/logs/access.log: error writing ((32) Broken pipe)

Priya Agarwal priyaiitmandi at gmail.com
Fri Feb 13 11:42:43 UTC 2015


Then It is unable to write cache.log:
Here is the output:

root at t4240qds:~# /usr/sbin/squid -k parse
2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
2015/02/13 12:27:14| Startup: Initialized Authentication.
2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth
0)
2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi at gmail.com
2015/02/13 12:27:14| Processing: visible_hostname t4240qds
2015/02/13 12:27:14| Processing: cache_effective_user nobody
2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8    # RFC1918
possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12    #
RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16    #
RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src fc00::/7       # RFC 4193
local private network range
2015/02/13 12:27:14| Processing: acl localnet src fe80::/10      # RFC 4291
link-local (directly plugged) machines
2015/02/13 12:27:14| Processing: acl SSL_ports port 443
2015/02/13 12:27:14| Processing: acl Safe_ports port 80        # http
2015/02/13 12:27:14| Processing: acl Safe_ports port 21        # ftp
2015/02/13 12:27:14| Processing: acl Safe_ports port 443        # https
2015/02/13 12:27:14| Processing: acl Safe_ports port 70        # gopher
2015/02/13 12:27:14| Processing: acl Safe_ports port 210        # wais
2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535    #
unregistered ports
2015/02/13 12:27:14| Processing: acl Safe_ports port 280        # http-mgmt
2015/02/13 12:27:14| Processing: acl Safe_ports port 488        # gss-http
2015/02/13 12:27:14| Processing: acl Safe_ports port 591        # filemaker
2015/02/13 12:27:14| Processing: acl Safe_ports port 777        # multiling
http
2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
2015/02/13 12:27:14| Processing: http_access allow localhost manager
2015/02/13 12:27:14| Processing: http_access deny manager
2015/02/13 12:27:14| Processing: http_access allow mynet
2015/02/13 12:27:14| Processing: http_access allow localnet
2015/02/13 12:27:14| Processing: http_access allow localhost
2015/02/13 12:27:14| Processing: http_access deny all
2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
2015/02/13 12:27:14| Processing: refresh_pattern ^ftp:        1440
20%    10080
2015/02/13 12:27:14| Processing: refresh_pattern ^gopher:    1440    0%
1440
2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0
0%    0
2015/02/13 12:27:14| Processing: refresh_pattern .        0    20%    4320
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
         messages will be sent to 'stderr'.
root at t4240qds:~# ls -ld /var/logs
drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs



On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <
Antony.Stone at squid.open.source.it> wrote:

> On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:
>
> > So sorry. In squid.conf I had done cache_effective_user to nobody and set
> > permissions of /var and /usr to nobody. So those are the permissions.
>
> Are you saying that /var is owned by 'nobody'?
>
> That sounds like a problem for the system to me.  /var should be owned by
> root; if you want to have subdirectories owned by 'nobody', or with
> permissions to let 'nobody' write to them, that's okay, but I think /var
> being
> owned by 'nobody' will cause more problems than just for squid.
>
> > root at t4240qds:/var/logs# ls -al /var/logs/access.log
> > ls: cannot access /var/logs/access.log: No such file or directory
> > root at t4240qds:/var/logs# ls -ld /var/logs
> > drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>
> Maybe someone more familiar with squid than I am can comment on this, but
> isn't the log file opened before squid drops its privileges (same as the
> network sockets), so you don't actually need the logfile path to be
> writable
> by the squid_effective_user?
>
> Regards,
>
>
> Antony.
>
> --
> All generalisations are inaccurate.
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150213/16363840/attachment-0002.html>


More information about the squid-users mailing list