Hi there,
I've got my squid 2.5 STABLE10 configured to run with an effective user of
'squid' for all the normal reasons. This only seems to half work. Only one of
the two squid processes runs as 'squid' the parent still runs as 'root'
UID PID PPID C STIME TTY TIME CMD
squid 14199 14197 0 09:34:07 ? 0:06 (squid) -sYDf
/usr/local/squid/squid2/etc/squid2.conf
root 14197 1 0 09:34:07 ? 0:00 /usr/local/squid/sbin/squid
-sYDf /usr/local/squid/squid2/etc/squid2.conf
This is a problem because now the 'squid -k' commands don't work. 'squid -k'
switches to the 'squid' uid and can't send signals to the parent squid running
as root.
I've had a quick look at the source code (main.c rev 1.345.2.25) and my first
guess is that watch_child needs to bracket the execvp() call with enter_suid()
and leave_suid().
Unfortunately I won't be able to test this until next week because I'm
travelling overseas in a few minutes. With luck someone will be able to
confirm/disprove my theory while I'm away.
Cheers,
Lloyd
