start workers as root

SMP workers in trunk start without root privileges. This results in startup
failures when workers need to use a privileged port (e.g., 443) or other
root-only features such as TPROXY.

The watch_child function, responsible to watch and start squid workers for
the squid monitor process, called after a enter_suid() call, but the
writePidFile() call, inside the watch_child(), will leave suid mode before exit.

This patch add enter_suid() cals after the writePidFile and removePidFile()
inside the watch_child() function.

This is a Measurement Factory project

diff --git a/src/main.cc b/src/main.cc
index 76ee88b4f4d96442a280c9c3b68be496f8a2d6ca..805955d5e23cfdd1825163484b0adfba130f4330 100644 (file)
--- a/src/main.cc
+++ b/src/main.cc
@@ -1777,6 +1777,7 @@ watch_child(char *argv[])
     }
 
     writePidFile();
+    enter_suid(); // writePidFile() uses leave_suid()
 
 #if defined(_SQUID_LINUX_THREADS_)
     squid_signal(SIGQUIT, rotate_logs, 0);
@@ -1882,6 +1883,7 @@ watch_child(char *argv[])
             enter_suid();
 
             removePidFile();
+            enter_suid(); // removePidFile() uses leave_suid()
             if (TheKids.someSignaled(SIGINT) || TheKids.someSignaled(SIGTERM)) {
                 syslog(LOG_ALERT, "Exiting due to unexpected forced shutdown");
                 exit(1);