[squid-users] squid 5.1/Debian WARNING: no_suid: setuid(0): (1) Operation not permitted

L.P.H. van Belle belle at bazuin.nl
Wed Sep 15 11:45:29 UTC 2021


How do you build and start it: init.d/squid or systemd start squid?

In case of the latter, which I suspect, I have seen more of these messages on previous versions.
But all my versions don't show this on Debian 10.

This is my latest startup for systemd:

# /lib/systemd/system/squid.service
## Copyright (C) 1996-2021 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##
 
[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
 
[Service]
Type=notify
PIDFile=/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
ExecStart=/usr/sbin/squid --foreground -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
NotifyAccess=all
 
[Install]
WantedBy=multi-user.target


---
These are the settings from a Debian (own) build setup with squid 4.16 (with SSL enabled).

squid -v
Squid Cache: Version 4.16
Service Name: squid
Debian linux
 
This binary uses OpenSSL 1.1.1d  10 Sep 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html
 
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-4.16=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'BUILDCXX=x86_64-linux-gnu-g++' '--with-build-environment=default' '--enable-build-info=Debian linux' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,SMB_LM' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-security-cert-validators=fake' '--enable-storeid-rewrite-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--with-gnutls' '--enable-ssl' '--enable-ssl-crtd' '--with-openssl' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CC=x86_64-linux-gnu-gcc' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-4.16=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXX=x86_64-linux-gnu-g++' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-4.16=. -fstack-protector-strong -Wformat -Werror=format-security'


Look if you also see: '--with-default-user=proxy'
and if it's self compiled.
sudo adduser --system proxy
And when that's done, verify the needed folders and their rights/ownerships.
 
The "debian" folder, if you want to have a look at what I use currently in production:

https://apt.van-belle.nl/debian/pool/main/s/squid/squid_4.16-0.1ssl1buster1.debian.tar.xz

As soon as I can make Debian packages of 5.1, I'm making a buster and bullseye version.

I hope this helps you a bit. 

Greetz, 

Louis

 




________________________________

	From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On behalf of David Touzeau
	Sent: Wednesday 15 September 2021 12:40
	To: squid-users at lists.squid-cache.org
	Subject: [squid-users] squid 5.1/Debian WARNING: no_suid: setuid(0): (1) Operation not permitted
	
	
	On Debian 10 64-bit with squid 5.1 we have thousands of warnings like this:
	
	2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid2| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid2| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid2| WARNING: no_suid: setuid(0): (1) Operation not permitted
	2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
	
	When squid tries to load external ACL binaries.
	
	Adding chmod 04755 to the binaries did not resolve the issue.
	
	No issue with the same configuration on the squid 3.5x branch.
	
	Any tips ?
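
The two checks suggested in the reply above (find `--with-default-user` in the `squid -v` output, then verify folder ownership), as an added example that is not part of the original thread. It assumes GNU `stat` as shipped on Debian; the script name `audit.sh` is hypothetical, and the paths in the usage comment are the `--with-swapdir` and `--with-logdir` values from the configure options quoted above.

```shell
#!/bin/sh
# Added example, not from the original post. It only reports ownership;
# it changes nothing on disk.

# Read `squid -v` style text on stdin and print the --with-default-user value.
default_user() {
    tr ' ' '\n' | sed -n "s/^'--with-default-user=\(.*\)'\$/\1/p" | head -n 1
}

# Return 0 if path $1 exists and is owned by user name $2, 1 otherwise.
owned_by() {
    [ -e "$1" ] || return 1
    [ "$(stat -c %U "$1")" = "$2" ]
}

# audit USER PATH...: print one line per path, return 1 if any path is
# missing or owned by somebody other than USER.
audit() {
    user=$1; shift
    rc=0
    for p in "$@"; do
        if owned_by "$p" "$user"; then
            echo "ok       $p"
        else
            owner=$(stat -c %U "$p" 2>/dev/null || echo missing)
            echo "MISMATCH $p (owner: $owner, expected: $user)"
            rc=1
        fi
    done
    return $rc
}

# Typical use on a host with squid installed:
#   user=$(squid -v | default_user)
#   sh audit.sh "$user" /var/spool/squid /var/log/squid
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```
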
	



