Duane Wessels wrote:
> Can you think of any reasons that squid should NOT install and create
> directories with owner-only permissions set?
One very simple one:
The install script does not know what the correct owner should be. This
makes it very likely that the base install of Squid will make an
installation which cannot be started until the administrator has "opened
up" the permissions either by reverting the permissions to the current
ones, or by changing directory/file owner to the Squid user.
Also, many people consider it a security hazard to have important files
(such as configuration files) owned by a daemon user (squid or nobody).
My vote is to add a little note telling people how to set up group-based
security to allow only the Squid daemon user (cache_effective_user) and
administrators access to its configuration files.
Add squid group to /etc/groups
chgrp -R squid /usr/local/squid
chmod -R o= /usr/local/squid
Change cache_effective_group to squid in squid.conf
/Henrik
Received on Tue Jul 29 2003 - 13:16:00 MDT
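
An audit for the group-based layout proposed in the message above, as an added example that is not part of the original post or of Squid's install scripts. The function name, the finding labels and the `*.conf` match for configuration files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a Squid tree against the group-based scheme above.
# Usage: audit_squid_perms DIR GROUP DAEMON_USER
#   DIR          install prefix, e.g. /usr/local/squid
#   GROUP        shared group (the cache_effective_group value)
#   DAEMON_USER  the cache_effective_user value
# Prints one finding per line and returns 1 if anything was found.
audit_squid_perms() {
    dir=$1; grp=$2; daemon=$3
    report=$(
        # "chmod -R o=" not applied: some permission bit is set for other.
        # Symlinks are skipped because their mode bits are not enforced.
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'other-access %s\n' {} \;
        # "chgrp -R" not applied: the entry is outside the shared group.
        find "$dir" ! -group "$grp" \
            -exec printf 'wrong-group %s\n' {} \;
        # Configuration owned by the daemon account: the daemon could
        # chmod or rewrite its own config (assumption: config = *.conf).
        find "$dir" -type f -name '*.conf' -user "$daemon" \
            -exec printf 'daemon-owned %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run directly: sh audit.sh /usr/local/squid squid squid
if [ "$#" -eq 3 ]; then
    audit_squid_perms "$@"
fi
```

An empty report means the daemon reaches its files only through the group, and accounts outside it have no access.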