[squid-users] logfileHandleWrite: daemon:/var/logs/access.log: error writing ((32) Broken pipe)

Priya Agarwal priyaiitmandi at gmail.com
Fri Feb 13 11:45:18 UTC 2015


root@t4240qds:~# chown -R nobody:nogroup /var/logs
root@t4240qds:~# /usr/sbin/squid -k parse
2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
2015/02/13 12:27:14| Startup: Initialized Authentication.
2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi at gmail.com
2015/02/13 12:27:14| Processing: visible_hostname t4240qds
2015/02/13 12:27:14| Processing: cache_effective_user nobody
2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
2015/02/13 12:27:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2015/02/13 12:27:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2015/02/13 12:27:14| Processing: acl SSL_ports port 443
2015/02/13 12:27:14| Processing: acl Safe_ports port 80        # http
2015/02/13 12:27:14| Processing: acl Safe_ports port 21        # ftp
2015/02/13 12:27:14| Processing: acl Safe_ports port 443        # https
2015/02/13 12:27:14| Processing: acl Safe_ports port 70        # gopher
2015/02/13 12:27:14| Processing: acl Safe_ports port 210        # wais
2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535    # unregistered ports
2015/02/13 12:27:14| Processing: acl Safe_ports port 280        # http-mgmt
2015/02/13 12:27:14| Processing: acl Safe_ports port 488        # gss-http
2015/02/13 12:27:14| Processing: acl Safe_ports port 591        # filemaker
2015/02/13 12:27:14| Processing: acl Safe_ports port 777        # multiling http
2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
2015/02/13 12:27:14| Processing: http_access allow localhost manager
2015/02/13 12:27:14| Processing: http_access deny manager
2015/02/13 12:27:14| Processing: http_access allow mynet
2015/02/13 12:27:14| Processing: http_access allow localnet
2015/02/13 12:27:14| Processing: http_access allow localhost
2015/02/13 12:27:14| Processing: http_access deny all
2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
2015/02/13 12:27:14| Processing: refresh_pattern ^ftp:        1440    20%    10080
2015/02/13 12:27:14| Processing: refresh_pattern ^gopher:    1440    0%    1440
2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
2015/02/13 12:27:14| Processing: refresh_pattern .        0    20%    4320
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
         messages will be sent to 'stderr'.
root@t4240qds:~# ls -ld /var/logs
drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs


On Fri, Feb 13, 2015 at 5:12 PM, Priya Agarwal <priyaiitmandi at gmail.com>
wrote:

> Then it is unable to write cache.log.
> Here is the output:
>
> root@t4240qds:~# /usr/sbin/squid -k parse
> 2015/02/13 12:27:14| Startup: Initializing Authentication Schemes ...
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'basic'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'digest'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'negotiate'
> 2015/02/13 12:27:14| Startup: Initialized Authentication Scheme 'ntlm'
> 2015/02/13 12:27:14| Startup: Initialized Authentication.
> 2015/02/13 12:27:14| Processing Configuration File: /etc/squid.conf (depth 0)
> 2015/02/13 12:27:14| Processing: cache_mgr priyaiitmandi at gmail.com
> 2015/02/13 12:27:14| Processing: visible_hostname t4240qds
> 2015/02/13 12:27:14| Processing: cache_effective_user nobody
> 2015/02/13 12:27:14| Processing: dns_nameservers 8.8.8.8
> 2015/02/13 12:27:14| Processing: acl mynet src 10.116.65.0/24
> 2015/02/13 12:27:14| Processing: acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
> 2015/02/13 12:27:14| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
> 2015/02/13 12:27:14| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
> 2015/02/13 12:27:14| Processing: acl SSL_ports port 443
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 80        # http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 21        # ftp
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 443        # https
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 70        # gopher
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 210        # wais
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 1025-65535    # unregistered ports
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 280        # http-mgmt
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 488        # gss-http
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 591        # filemaker
> 2015/02/13 12:27:14| Processing: acl Safe_ports port 777        # multiling http
> 2015/02/13 12:27:14| Processing: acl CONNECT method CONNECT
> 2015/02/13 12:27:14| Processing: http_access deny !Safe_ports
> 2015/02/13 12:27:14| Processing: http_access deny CONNECT !SSL_ports
> 2015/02/13 12:27:14| Processing: http_access allow localhost manager
> 2015/02/13 12:27:14| Processing: http_access deny manager
> 2015/02/13 12:27:14| Processing: http_access allow mynet
> 2015/02/13 12:27:14| Processing: http_access allow localnet
> 2015/02/13 12:27:14| Processing: http_access allow localhost
> 2015/02/13 12:27:14| Processing: http_access deny all
> 2015/02/13 12:27:14| Processing: http_port 10.116.65.155:8080
> 2015/02/13 12:27:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
> 2015/02/13 12:27:14| Processing: coredump_dir /var/cache/squid
> 2015/02/13 12:27:14| Processing: refresh_pattern ^ftp:        1440    20%    10080
> 2015/02/13 12:27:14| Processing: refresh_pattern ^gopher:    1440    0%    1440
> 2015/02/13 12:27:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> 2015/02/13 12:27:14| Processing: refresh_pattern .        0    20%    4320
> WARNING: Cannot write log file: /var/logs/cache.log
> /var/logs/cache.log: Permission denied
>          messages will be sent to 'stderr'.
> root@t4240qds:~# ls -ld /var/logs
> drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>
>
>
> On Fri, Feb 13, 2015 at 5:04 PM, Antony Stone <
> Antony.Stone at squid.open.source.it> wrote:
>
>> On Friday 13 Feb 2015 at 11:06, Priya Agarwal wrote:
>>
>> > So sorry. In squid.conf I had done cache_effective_user to nobody and set
>> > permissions of /var and /usr to nobody. So those are the permissions.
>>
>> Are you saying that /var is owned by 'nobody'?
>>
>> That sounds like a problem for the system to me.  /var should be owned by
>> root; if you want to have subdirectories owned by 'nobody', or with
>> permissions to let 'nobody' write to them, that's okay, but I think /var
>> being owned by 'nobody' will cause more problems than just for squid.
>>
>> > root@t4240qds:/var/logs# ls -al /var/logs/access.log
>> > ls: cannot access /var/logs/access.log: No such file or directory
>> > root@t4240qds:/var/logs# ls -ld /var/logs
>> > drwx------ 2 nobody nogroup 4096 Feb 13 11:49 /var/logs
>>
>> Maybe someone more familiar with squid than I am can comment on this, but
>> isn't the log file opened before squid drops its privileges (same as the
>> network sockets), so you don't actually need the logfile path to be
>> writable by the squid_effective_user?
>>
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> All generalisations are inaccurate.
>>
>> Please reply to the list; please *don't* CC me.
>
>
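
The thread turns on whether the cache_effective_user ('nobody') can reach and write the log directory. The following is an added example, not code from the thread or from Squid: it walks the directories leading to a log directory and reports the first one whose mode bits would stop a given uid. The helper name first_blocker and the `root` parameter are assumptions made for illustration; ACLs, SELinux/AppArmor policy and read-only mounts are not considered.

```python
import os
import stat


def _class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def first_blocker(log_dir, uid, gids, root="/"):
    """Return (directory, missing_bits) for the first directory between
    `root` and `log_dir` that stops `uid`, or None if the user could
    create files in `log_dir`.

    Ancestors need search (x); log_dir itself needs write + search (wx).
    """
    if uid == 0:
        return None  # root bypasses mode-bit checks (CAP_DAC_OVERRIDE)
    root = os.path.abspath(root)
    rel = os.path.relpath(os.path.abspath(log_dir), root)
    chain = [root]
    for part in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for i, directory in enumerate(chain):
        try:
            st = os.stat(directory)
        except FileNotFoundError:
            return (directory, "missing")
        if not stat.S_ISDIR(st.st_mode):
            return (directory, "not a directory")
        need = 0o3 if i == len(chain) - 1 else 0o1
        if _class_bits(st, uid, gids) & need != need:
            return (directory, "wx" if need == 0o3 else "x")
    return None


if __name__ == "__main__":
    import pwd
    # Assumed from the thread: cache_effective_user nobody, logs in /var/logs.
    user = pwd.getpwnam("nobody")
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    print(first_blocker("/var/logs", user.pw_uid, groups))
```

Run it as root so every directory on the path can be stat'ed; a result of None means the mode bits alone do not explain a "Permission denied".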