On Wed, Sep 1, 2010 at 9:02 AM, Ed Flecko <edfle...@gmail.com> wrote: > Hi folks, > I'm looking in some documentation for Squid, which I'm installing on a > FBSD 8.1 server, and it says I need to create a squid user and a squid > group because I'm building/installing from source. > > I see to create the squid user, I user the (of course) "adduser" > command (there isn't a default squid user with the base install, is > there?). > > 1.) When I use the adduser command, from a security perspective, > should the squid user have a shell? What should it be? > > 2.) How do I create a squid group and add the squid user to it? > > 3.) Since the squid user needs full access to the squid directory and > all of its files, what the easiest way to give the appropriate > permissions?
Service accounts shouldn't have a password (their password field should be "starred out") and should have a shell of /usr/sbin/nologin (this program logs any attempt to run it and exits). The port using the following commands to set this up: pw groupadd squid -g 100 -q pw useradd -q -n squid -u 100 -g squid -c "Squid caching-proxy psuedo user" -d "/var/squid" -s "/usr/sbin/nologin" -h - This assumes data is in /var/squid. You can create this directory and use chmod/chown to give the user and group necessary permissions. The UID and GID (100 and 100 in this case) come from the lists in /usr/ports and are reserved for squid to avoid conflicts. -- Rob Farmer > > Thank you, > Ed > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"