[expert] Squid Permissions and MSEC

Sun, 20 Feb 2000 14:21:45 -0800 

Looks like MSEC is a great idea.  I just installed Mandrake
7.0.2 and set to server:highsecurity.  (for my firewall)

But am having a problem with Squid...  it can't get to the access.log,
and further investigation shows it can't access the cache.log either.
(permissions problem)  I can squid -z  though.

I have set the log & spool directories' permissions to global
everything.  I changed squid.conf 'cache effective user' and 'group' to
squid:squid and to nobody:nogroup, each time chowning the log & cache
dir to match, and no effect on the problem.  Squid will not run.  And if I
can't run Squid, I can't run Junkbuster... HELP!

I think this MSEC has everything to do with the problem, but can't
figure out how.  It doesn't seem to have a daemon; (is it a kernel patch?
Some 'invisible hand' is affecting me and not leaving any hints)   Only
two terse setup proggies & sparse docs.  I find
/etc/security/msec/user.conf has two usernames in it... <mine> & samba.
But when I manually add squid, it doesn't help.  When I enable squid for
levels 3, 4, & 5 using chkconfig it doesn't help.  (And why are levels 0-6
available?  What are they...  MSEC, or services levels?)

Also Netscape always segfaults, possibly because it can't write to its
config
directory.  (permissions?)

And xfs will not recognize a new ttf dir,  when installed with
chkfontpath.  (permissions?)   Sometimes xfs won't start at all and causes
X to crash on startup with "could not find 'fixed' font".  That problem
has spontaneously healed... twice.

I have httpd nicely routed through TCPWrappers and the inside machines
can see it, but noone outside can.  (permissions again?)

And why  CAN  I ping my firewall's outside interface from an inside
machine, with firewalling, masquarading, & ip_forwarding OFF??!!  What's
moving packets between inside and outside interfaces?
I think I must not be filtering packets!

I can't prove whether selecting 'high' security makes it MSEC level 3, or
4.

To the guy with the outragious 4-way SMP machine, it sounds like a
caching- or operations-file limit is set in the SMP or disk quota areas.
Try turning off quotas.  Also suspect MSEC.

Black & Blue is much more beautiful (and usable)  than any Gnome themes.
Nice work KDE!  And MSEC is great, but I need a steering wheel for my car.

--
Carl A. Cook
quantumATaugustmailDOTcom

Certainly the game is rigged.  Don't let that stop you...
              If you don't bet you can't win.

S/MIME Cryptographic Signature

Reply via email to