On Mon, 15 Dec 2003, Renato Kalugdan wrote: > the parent process will run as root and child process will run underneath? > > for security purposes, this is ok?
Sort of. > one last question. > > should i log in as different user and issue same command instead? I would recomment to start Squid as the "cache_effective_user" unless you want to use the "chroot_dir" directive to further lock Squid down. Without this the daemon mode of Squid only partially drops the root privileges, it still retains some root privileges in order to support all different combinations of "squid -k reconfigure", even if your current configuration maybe does not require any special privileges. As a compromise if setting up a chroot jail is too complex Squid can be configured with "chroot_dir" set to /. This will cause Squid to permanently drop all it's root privileges with no point of return after reading the configuration file. Regards Henrik
