[squid-users] logfileHandleWrite: daemon:/var/logs/access.log: error writing ((32) Broken pipe)
Priya Agarwal
priyaiitmandi at gmail.com
Fri Feb 13 11:45:18 UTC 2015
root@t4240qds:~# chown -R nobody:nogroup /var/logs
root@t4240qds:~# /usr/sbin/squid -k parse
2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
2015/02/13 12:27:14| Startup: Initialized Authentication.
2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi at gmail.com
2015/02/13 12:27:14| Processing: visible_hostname t4240qds
2015/02/13 12:27:14| Processing: cache_effective_user nobody
2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2015/02/13 12:27:14| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2015/02/13 12:27:14| Processing: acl SSL_ports port 443
2015/02/13 12:27:14| Processing: acl Safe_ports port 80 # http
2015/02/13 12:27:14| Processing: acl Safe_ports port 21 # ftp
2015/02/13 12:27:14| Processing: acl Safe_ports port 443 # https
2015/02/13 12:27:14| Processing: acl Safe_ports port 70 # gopher
2015/02/13 12:27:14| Processing: acl Safe_ports port 210 # wais
2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2015/02/13 12:27:14| Processing: acl Safe_ports port 280 # http-mgmt
2015/02/13 12:27:14| Processing: acl Safe_ports port 488 # gss-http
2015/02/13 12:27:14| Processing: acl Safe_ports port 591 # filemaker
2015/02/13 12:27:14| Processing: acl Safe_ports port 777 # multiling http
2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
2015/02/13 12:27:14| Processing: http_access allow localhost manager
2015/02/13 12:27:14| Processing: http_access deny manager
2015/02/13 12:27:14| Processing: http_access allow mynet
2015/02/13 12:27:14| Processing: http_access allow localnet
2015/02/13 12:27:14| Processing: http_access allow localhost
2015/02/13 12:27:14| Processing: http_access deny all
2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
2015/02/13 12:27:14| Processing: refresh_pattern ^ftp: 1440 20% 10080
2015/02/13 12:27:14| Processing: refresh_pattern ^gopher: 1440 0% 1440
2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2015/02/13 12:27:14| Processing: refresh_pattern . 0 20% 4320
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
root@t4240qds:~# ls -ld /var/logs
drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs

On Fri, Feb 13, 2015 at 5:12 PM, Priya Agarwal <priyaiitmandi at gmail.com>
wrote:
> Then it is unable to write cache.log.
> Here is the output:
>
> root@t4240qds:~# /usr/sbin/squid -k parse
> 2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
> 2015/02/13 12:27:14| Startup: Initialized Authentication.
> 2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth
> 0)
> 2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi at gmail.com
> 2015/02/13 12:27:14| Processing: visible_hostname t4240qds
> 2015/02/13 12:27:14| Processing: cache_effective_user nobody
> 2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
> 2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
> 2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8 # RFC1918
> possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12 #
> RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16 #
> RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src fc00::/7 # RFC
> 4193 local private network range
> 2015/02/13 12:27:14| Processing: acl localnet src fe80::/10 # RFC
> 4291 link-local (directly plugged) machines
> 2015/02/13 12:27:14| Processing: acl SSL_ports port 443
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 80 # http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 21 # ftp
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 443 # https
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 70 # gopher
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 210 # wais
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535 #
> unregistered ports
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 280 # http-mgmt
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 488 # gss-http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 591 # filemaker
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 777 #
> multiling http
> 2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
> 2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
> 2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
> 2015/02/13 12:27:14| Processing: http_access allow localhost manager
> 2015/02/13 12:27:14| Processing: http_access deny manager
> 2015/02/13 12:27:14| Processing: http_access allow mynet
> 2015/02/13 12:27:14| Processing: http_access allow localnet
> 2015/02/13 12:27:14| Processing: http_access allow localhost
> 2015/02/13 12:27:14| Processing: http_access deny all
> 2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
> 2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
> 2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
> 2015/02/13 12:27:14| Processing: refresh_pattern ^ftp: 1440
> 20% 10080
> 2015/02/13 12:27:14| Processing: refresh_pattern ^gopher: 1440 0%
> 1440
> 2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0
> 0% 0
> 2015/02/13 12:27:14| Processing: refresh_pattern . 0 20% 4320
> WARNING: Cannot write log file: /var/logs/cache.log
> /var/logs/cache.log: Permission denied
> messages will be sent to 'stderr'.
> root@t4240qds:~# ls -ld /var/logs
> drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>
>
>
> On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <
> Antony.Stone at squid.open.source.it> wrote:
>
>> On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:
>>
>> > So sorry. In squid.conf I had done cache_effective_user to nobody and
>> > set permissions of /var and /usr to nobody. So those are the permissions.
>>
>> Are you saying that /var is owned by 'nobody'?
>>
>> That sounds like a problem for the system to me. /var should be owned by
>> root; if you want to have subdirectories owned by 'nobody', or with
>> permissions to let 'nobody' write to them, that's okay, but I think /var
>> being owned by 'nobody' will cause more problems than just for squid.
>>
>> > root@t4240qds:/var/logs# ls -al /var/logs/access.log
>> > ls: cannot access /var/logs/access.log: No such file or directory
>> > root@t4240qds:/var/logs# ls -ld /var/logs
>> > drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>>
>> Maybe someone more familiar with squid than I am can comment on this, but
>> isn't the log file opened before squid drops its privileges (same as the
>> network sockets), so you don't actually need the logfile path to be
>> writable by the squid_effective_user?
>>
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> All generalisations are inaccurate.
>>
>> Please reply to the list; please *don't* CC me.
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
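
A check of the kind this thread's diagnosis calls for, added here as an example (it is not part of the original messages and not Squid code): it walks each directory down to the one holding a log file, evaluates from the mode bits whether a given account can traverse it and write in the final directory, and flags parent directories that are not owned by a trusted uid, the situation raised above for /var. The function names, finding labels and the constructed demo tree are assumptions made for illustration.

```python
import grp
import os
import pwd


def account_ids(user):
    """Resolve an account name (e.g. 'nobody') to (uid, set of gids)."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids


def class_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def audit_log_path(log_path, uid, gids, start=os.sep, trusted_uid=0):
    """Check every directory below `start` down to the one holding log_path.

    Mode bits only: ACLs, SELinux/AppArmor and uid 0's bypass are not modelled.
    Run it as root so directories the account cannot enter can still be stat'ed.
    """
    log_dir = os.path.dirname(os.path.abspath(log_path))
    start = os.path.abspath(start)
    findings, current = [], start
    for part in os.path.relpath(log_dir, start).split(os.sep):
        current = os.path.join(current, part)
        st = os.stat(current)
        bits = class_bits(st, uid, gids)
        if not bits & 1:
            findings.append(("no-traverse", current))
        if current != log_dir and st.st_uid != trusted_uid:
            findings.append(("parent-not-trusted-owner", current))
        if current == log_dir and not bits & 2:
            findings.append(("no-write", current))
    return findings


if __name__ == "__main__":
    # Constructed tree standing in for /var/logs, with the log directory read-only.
    import tempfile
    base = tempfile.mkdtemp()
    logs = os.path.join(base, "var", "logs")
    os.makedirs(logs)
    os.chmod(logs, 0o500)
    me = os.getuid()
    print(audit_log_path(os.path.join(logs, "cache.log"), me, set(os.getgroups()), base, me))
```

On a real host, call `audit_log_path("/var/logs/cache.log", *account_ids("nobody"))` as root; an empty result means the mode bits are not what blocks the write.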