Rafael / Amos - I got my system up and running yesterday. Thanks so much for the help. I couldn't get some of the suggestions that Amos made to work, but they did after running some of the commands on Rafael's wiki, so a real team effort!
After getting it up and running, I found that mac address filtering was not working. On closer inspection I found that I was running v3.3.8. I guess that’s the version my new Ubuntu install (14.04.03 LTS) uses with: sudo apt-get install squid I decided to try and build the latest version of squid from source and I ran into some more problems I cannot solve, so some follow up questions 1) Earlier in the thread, Amos suggested I run: apt-get build-dep squid to install the packages needed to build squid. That’s just the dependencies though right; I still need the squid source code? Sorry if that seems obvious, just want to make sure I’m not missing something. 2) I downloaded squid-3.5.8.tar.xz. I captured the configure options from my current v3.3.8 squid install using: squid3 -v but it led to errors when building v3.5.8, for example: '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'. I suppose it’s not surprising given it’s such an old version, so I went through them all and used the ones I thought made most sense for me. I got it to build. Here’s the squid3 -v output from my v3.5.8 build: Squid Cache: Version 3.5.8 Service Name: squid configure options: '--prefix=/mysquid' '--enable-arp-acl' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3' '--sysconfdir=/etc/squid3' '--with-default-user=proxy' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--build=arm-linux-gnueabihf' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--srcdir=.' '--enable-basic-auth-helpers=DB' 'build_alias=arm-linux-gnueabihf' Here are the problems: a) I had to change the owner of /var/log/squid3 from root to proxy: sudo chown proxy /var/log/squid3 Not a big deal I guess, but why can’t make install take care of the permissions? b) It doesn’t start as a service and there’s no squid file in: /etc/init.d/ so I cannot make the DAEMON= and CONFIG= variables point at my custom /mysquid/sbin/squid and /etc/squid3/squid.conf (I’ll change the --sysconfdir config parameter to /mysquid/etc/squid3 in a future build) c) There’s no error when I run: /mysquid/sbin/squid -k parse but when I run: /mysquid/sbin/squid -NCd1 I get: FATAL: Ipc::Mem::Segment::create failed to shm_open(/squid-cf__metadata.shm): (13) Permission denied It didn’t help to make the owner of the "squid-cf*" files to cache_effective_user as suggested in an online post: *-rw------- 1 proxy mysquid 8 Sep 7 09:31 /dev/shm/squid-cf__metadata.shm* *-rw------- 1 proxy mysquid 8216 Sep 7 09:31 /dev/shm/squid-cf__queues.shm* *-rw------- 1 proxy mysquid 44 Sep 7 09:31 /dev/shm/squid-cf__readers.shm* d) The configuration file: /etc/squid3/squid.conf is a lot different! For example I cannot find: cache_effective_user Can you point me to the updated documentation for configuring squid? Thanks, Deiter On Sun, Aug 30, 2015 at 12:15 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 31/08/2015 5:27 a.m., Howard Waterfall wrote: > > Thanks again, this is valuable information! > > > > As you may have guessed, I'm asking about the user that should do builds > to > > ensure that the build outputs are created with the appropriate > permissions > > - I get a little concerned about security. It sounds like you are > > suggesting that I simply create a directory for my custom builds: > > > > I assign the --prefix option to the folder I create, so my build output > > goes there, and then I make sure the permissions for that folder (and > it's > > sub-directories) are set for the user defined by *cache_effective_user* > (and > > the user defined by the ./configure option --*with-default-user*). Could > > you confirm? > > Ah, no. > > You set ownership of the /proxy folder to whoever amongst the local > machine user accounts you want to have the ability to build and alter > the custom Squid binaries etc. Pretty much Admin powers over Squid. > > The make process should install the sub-folders with correct permissions > for the users that will be involved at run-time. > > Running the init script / squid as root will take care of the rest. > > [ "the rest" being: > > The init script runs as root and starts the 'master process' with root > privileges. That process creates the run-time files and logs etc with > correct permissions for the effective-user account to access. > > The effective-user account is the low-privilege one named in > --with-default-user and can read/exec the things it needs but not write > outside the few things the master has explicitly given it ownership of > (ie those run-time PID file, logs). > > ] > > PS. > You do not need to work with both --with-default-user and > cache_effective_user. All the ./configure option does is set the > built-in cache_effective_user default value. > > The intention was that you use the ./configure option and omit the > squid.conf option. > > > NP: if you find that /proxy/var/run or /proxy/var/run/squid is missing > (sometimes it is). Then create those with 777 permission and owner/group > of the Admin account. > > > > > Finally (I hope), I've re-installed Ubuntu (various reasons, not just > squid > > issues) and I successfully installed squid using: > > *sudo apt-get install squid3* > > > > Squid wasn't found the first time: > > *E: Unable to locate package squid3* > > > > I had to run this first: > > *sudo apt-get update* > > > > However, when I try *apt-get build-dep squid,* I get: > > *You must put some 'source' uris in your sources.list* > > > > I can't seem to get over this problem. I've un-commented every line in > > */etc/apt/sources.list* that starts with deb-src. > > > > Could you suggest a repository that I can add to */etc/apt/sources.list*? > > It should be exactly the same as your normal "deb" sources.list line. > But with "deb-src" at the front. Usually the single line directly > underneath what you had uncommented before. > > Mine looks like this: > > deb http://ftp.debian.org/debian unstable main contrib > deb-src http://ftp.debian.org/debian unstable main contrib > > Where I have "unstable" you would have the Ubuntu 14.04 version name > (trusty?). And different server of course. > > Sorry for the vagueness there. I dont work directly with Ubuntu anymore. > > The Ubuntu guys did a weird transition from squid3 to squid package > names and insisted on doing it well before the Squid-3 code could handle > the 2.7 upgrades. So things are a bit funky IMHO. > > Anyhow, the source package name I think is still "squid3" which should > build the binary packages "squid" and "squid-common" > (then: dpkg --install squid-common_*.deb squid_*.deb ). > > Amos >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
