From: hno <> Date: Fri, 26 Jan 2001 05:54:52 +0000 (+0000) Subject: From Kevin Littlejohn: X-Git-Tag: SQUID_3_0_PRE1~1631 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8749fa47aedadc8b36b9df15ec9e3bf6251ec5c2;p=thirdparty%2Fsquid.git From Kevin Littlejohn: makes cache_cf.c not try and figure out nobody and nogroup if it's not going to use them - ie. if squid is being run as a user instead of as root. It came up because I don't have a nogroup on my machine. Additions by Henrik Nordstrom: cache_effective_group now defaults to the GID of cache_effective_user, or the current user if not started as root. If can always be specified to some other value if required, but are then subject to the permissions set by the os (i.e. only root can set the group to a group where he/she is not a member) --- diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 6a92d41696..df2200e30a 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.cc,v 1.369 2001/01/12 00:37:14 wessels Exp $ + * $Id: cache_cf.cc,v 1.370 2001/01/25 22:54:52 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -386,9 +386,10 @@ configDoConfigure(void) } if (aclPurgeMethodInUse(Config.accessList.http)) Config2.onoff.enable_purge = 1; - if (NULL != Config.effectiveUser) { - struct passwd *pwd = getpwnam(Config.effectiveUser); - if (NULL == pwd) + if (geteuid() == 0) { + if (NULL != Config.effectiveUser) { + struct passwd *pwd = getpwnam(Config.effectiveUser); + if (NULL == pwd) /* * Andres Kroonmaa : * Some getpwnam() implementations (Solaris?) require @@ -398,10 +399,15 @@ configDoConfigure(void) * This should be safe at startup, but might still fail * during reconfigure. */ - fatalf("getpwnam failed to find userid for effective user '%s'", - Config.effectiveUser, - xstrerror()); - Config2.effectiveUserID = pwd->pw_uid; + fatalf("getpwnam failed to find userid for effective user '%s'", + Config.effectiveUser, + xstrerror()); + Config2.effectiveUserID = pwd->pw_uid; + Config2.effectiveGroupID = pwd->pwd_gid; + } + } else { + Config2.effectiveUserID = geteuid(); + Config2.effectiveGroupID = getegid(); } if (NULL != Config.effectiveGroup) { struct group *grp = getgrnam(Config.effectiveGroup); diff --git a/src/cf.data.pre b/src/cf.data.pre index 7720338684..9779c3ec8d 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.207 2001/01/12 00:37:15 wessels Exp $ +# $Id: cf.data.pre,v 1.208 2001/01/25 22:54:52 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -1975,17 +1975,19 @@ DOC_NONE NAME: cache_effective_group TYPE: string -DEFAULT: nogroup +DEFAULT: none LOC: Config.effectiveGroup DOC_START If the cache is run as root, it will change its effective/real UID/GID to the UID/GID specified below. The default is to - change to UID to nobody and GID to nogroup. + change to UID to nobody and GID to the default group of nobody. If Squid is not started as root, the default is to keep the - current UID/GID. Note that if Squid is not started as root then - you cannot set http_port to a value lower than 1024. + current UID/GID, and only the GID can be changed to any of + the groups the user starting Squid is member of. Note that if + Squid is not started as root then you cannot set http_port to + a value lower than 1024. DOC_END