On Monday 04 February 2002 19:18, Rick Matthews wrote: > > Do you have these statements in your squid.conf file? > cache_effective_user squid > cache_effective_group squid Yes.
> If so, the 640 should work fine. From the configuration page > (http://www.squidguard.org/config/), "Notes" section: > -------- Clip from Configuration page -------- > To avoid publishing to your users a complete guide to banned sites, > you probably want to have some or all of these files protected by > for instance: > chmod 640 /wherever/filter/db/dest/adult/* > chown cache_effective_user /wherever/filter/db/dest/adult/* > chgrp cache_effective_group /wherever/filter/db/dest/adult/* > where cache_effective_user and cache_effective_group are the values > for the corresponding tags as defined in squid.conf. > -------- End of Clip ------------------------- > > Whoa! I just realized that I put 740 in my previous post! It should > be 640. My apologies. > > The other important point is that your destination directories > should have the same owner and group as specified in your squid.conf > for cache_effective_user and cache_effective_group. > > I have a few questions/comments after looking at your > squidGuard.conf file: > > (1) Your dbhome statement points to /var/squidguard/db. Does the > directory name have a lower case "g" to match your dbhome statement? Yes - I know that "g" is odd - but it matches ${DBHOME} > (2) Did you use the blacklists.tar.gz file from the squidGuard site? > If you did, and if you installed (unpacked) it using the command > listed in the installation instructions, all of your destination > directories would be under a /blacklists directory, for example: > ${DBHOME}/blacklists/ads > ${DBHOME}/blacklists/hacking > ${DBHOME}/blacklists/porn > etc. I did use the blacklists.tar.gz file so, even though I have no memory or note of having done so, I must have moved them there manually - as you say. Quick inspection shows there is an all but empty ${DBHOME}/blacklists containing only a mail subdirectory. I will dispose of it. > Based on your squidGuard.conf, squidGuard will look for your > destination directories here: > ${DBHOME}/ads > ${DBHOME}/hacking > ${DBHOME}/porn > etc. > > If that's where those directories are, you probably had to manually > move/rename them to get them there. > > (3) What are the contents of /usr/local/squidGuard/log/blocked.log? > Does it have entries for the sites successfully blocked? Yes it does - for sites in the current database. What I can't do is add or subtract to that database. > (4) You mentioned that you were able to get squidGuard started > properly. You should be seeing multiple "loading dbfile...", "init > domainlist...", "init urllist..." statements in your log file, > ending with "squidGuard ready for requests...". Is that what you are > seeing? Exactly as you describe. This walk through is proving very useful in terms of telling me what I should and should not be seeing. > (5) This may be a dumb question, but are you certain that "#" lines > in the squidGuard.conf file are considered comments? If I read that > I forgot it, and I can't remember ever seeing sample conf files that > included comment lines (and they would have been helpful as in-line > documentation). Whoops! You've caught me out on messy housekeeping. That was me experimenting with different configurations and those comment lines are the fossilised remains of the ones that didn't make it. I debated with myself whether or not to clean them out before posting it but thought I better leave them in just in case they proved to be "material" in the insurance industry sense of the word. > Hopefully things are getting better for you? Thanks very much for the time and advice, Rick. As I said, what you've told me so far reassures me that my squidGuard setup is normal; but that there are a couple of things I should look at. After each tweak I'll restart and see what happens. Nigel -- Nigel Pauli - I.T. Manager St. John's School, Northwood, U.K. http://www.st-johns.org.uk/
