From 8209c7e67442a54d155db2e939f1a90c5debe7ea Mon Sep 17 00:00:00 2001
From: Christos Tsantilas
Date: Tue, 17 Mar 2015 13:59:53 +0200
Subject: [PATCH] start workers as root
SMP workers in trunk start without root privileges. This results in startup failures when workers need to use a privileged port (e.g., 443) or other root-only features such as TPROXY. The watch_child function, responsible to watch and start squid workers for the squid monitor process, called after a enter_suid() call, but the writePidFile() call, inside the watch_child(), will leave suid mode before exit. This patch add enter_suid() cals after the writePidFile and removePidFile() inside the watch_child() function. This is a Measurement Factory project
---
 src/main.cc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main.cc b/src/main.cc
index 76ee88b4f4..805955d5e2 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -1777,6 +1777,7 @@ watch_child(char *argv[])
 }
 writePidFile();
+ enter_suid(); // writePidFile() uses leave_suid()
 #if defined(_SQUID_LINUX_THREADS_)
 squid_signal(SIGQUIT, rotate_logs, 0);
@@ -1882,6 +1883,7 @@ watch_child(char *argv[])
 enter_suid();
 removePidFile();
+ enter_suid(); // removePidFile() uses leave_suid()
 if (TheKids.someSignaled(SIGINT) || TheKids.someSignaled(SIGTERM)) {
 syslog(LOG_ALERT, "Exiting due to unexpected forced shutdown");
 exit(1);
-- 
2.47.2
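Review bot: The `enter_suid()` added after `writePidFile()` compensates for a privilege drop hidden inside the callee, and its comment records only that side effect, not why root is wanted at this point. Per the commit message the intent is that workers started later in watch_child() inherit root for privileged ports or TPROXY, which also means the monitor process now holds root past this line, at least until the next `leave_suid()`. A comment such as `// regain root dropped by writePidFile(): kids started below must inherit it (privileged ports, TPROXY)` would make that deliberate. The same hidden side effect is patched around `removePidFile()` in the second hunk; having both helpers restore the privilege state they found would be sturdier than fixing each caller, though their bodies are outside this diff, as are the start and end of watch_child().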
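Review bot: The `enter_suid()` added after `removePidFile()` regains root on a path whose visible continuation only calls `syslog()` and `exit(1)`. If the remainder of this branch, which lies outside the hunk, performs no privileged operation, the call can be dropped so the monitor exits with the lower privilege that `removePidFile()` left it in. If something below does need root, the comment should name it, for example `// removePidFile() uses leave_suid(); <operation below> requires root`.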