ons 2009-02-11 klockan 14:56 +1300 skrev Amos Jeffries: > WHY: > * it's a security breach.
Why? > * it's the source of many permissions annoyances. Yes. > * the setting is still widely recommended in online how-to's Yes, and often for the wrong reasons. > * current Squid-3+ are perfectly capable of pulling correct user/group > pairs from the OS or being built with a distro preferred user other than > 'none'. Yes. > HISTORY: > If I recall correctly, the only holdback we had last time this was > discussed was that certain setups and winbind needed it to work. Not sure. > That has since changed with the information about the winbind priv group > being available to Squid. ? > DESIRED OUTCOME: > I'd like to obsolete it in 3.2 unless there is another compelling > reason to keep it? I don't see why it should be dropped. > Failing that, I'd like to come up with a setup of parameters we can > detect and severely restrict its usage. Makign noisy log and startup > warnings when abused. How is this directive abused? If you set it to something then you don't get the benefit of multiple group membership of the user account. A +/- 0 from me. Regards Henrik
