From: Wayne Sierke
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org
Date: Wed, 06 Jul 2005 04:17:52 +0930
Subject: Re: squid bind to port 80 fails when started via squid.sh script

On Tue, 2005-07-05 at 13:38 -0400, Chuck Swiger wrote:
> Wayne Sierke wrote:
> > FreeBSD 5.4-RELEASE/squid-2.5.9_3
> >
> > If I start squid via the script (as root), I get:
> >
> > /var/log/squid_cache.log:
> >
> > commBind: Cannot bind socket FD 11 to *:80: (13) Permission denied
> > FATAL: Cannot open HTTP Port
> > Squid Cache (Version 2.5.STABLE9): Terminated abnormally.
>
> The squid startup script probably changes to a non-root user before running the
> squid binary, which means that squid cannot bind to a port below 1024.
> Normally, people run squid on port 3128, although 8080 is also relatively common.

You are exactly right, of course. I hadn't been able to spot anything
obvious as to where that might be happening in the script so after your
response I was prompted to grep through /etc/rc.subr. I now know what
all those $(name)_* vars in the startup scripts are for! :)

Given that squid.conf contains 'cache_effective_user' and
'cache_effective_group' settings, the 'squid_user' variable in the
script is probably redundant. And that seems to be confirmed by a
comparison of 'ps aux | grep squid' results from launching squid
directly and, now, via the script with the squid_user var removed:

root   92882  0.0  0.3  3172  1764  ??  Is    2:51AM   0:00.00 /usr/local/sbin/squid -D
squid  92884  0.0  1.3  7472  6668  ??  S     2:51AM   0:00.24 (squid) -D (squid)
squid  92885  0.0  0.1  1188   548  ??  Is    2:51AM   0:00.01 (unlinkd) (unlinkd)

root   93310  0.0  0.3  3172  1764  ??  Is    3:29AM   0:00.00 /usr/local/sbin/squid -D
squid  93312  0.0  1.3  7472  6668  ??  S     3:29AM   0:00.19 (squid) -D (squid)
squid  93313  0.0  0.1  1188   548  ??  Is    3:29AM   0:00.01 (unlinkd) (unlinkd)

I suppose the remaining question is whether there exists a valid reason
to keep the squid_user variable in the script, or is it purely redundant
and, in this case, troublesome.

(By the way, the reason for running squid on port 80 is to run it as an
httpd_accelerator, and in my case specifically, to allow for the
handling of virtual web-hosts on a single IP over multiple servers.)

In any case I suppose I should pose this question to the port
maintainer.

Many thanks,

Wayne
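
Added example, not part of the original message and not code from the squid port: a shell check for the condition this thread diagnoses, a startup script that switches to a non-root account while squid.conf asks for a port below 1024. The function names, the constructed sample squid.conf, and passing the script's run-as user (the squid_user value) as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Print every http_port number below 1024 found in a squid.conf-style file.
# Handles "http_port 80", "http_port 192.0.2.1:80" and trailing options;
# commented-out lines are ignored because their first field is not http_port.
privileged_ports() {
    awk '
        $1 == "http_port" {
            port = $2
            sub(/^.*:/, "", port)      # drop an optional host: prefix
            if (port ~ /^[0-9]+$/ && port + 0 < 1024) print port
        }
    ' "$1"
}

# check_start RUN_AS_USER SQUID_CONF
# RUN_AS_USER is the account the startup script switches to before running
# the binary (squid_user in the thread). Empty or "root" means no switch,
# assuming the script itself is invoked as root as in the thread.
# Returns 1 and prints a warning when the bind would be refused.
check_start() {
    user=$1
    conf=$2
    ports=$(privileged_ports "$conf" | tr '\n' ' ')
    if [ -n "$ports" ] && [ -n "$user" ] && [ "$user" != "root" ]; then
        echo "WARN: started as '$user' but http_port ${ports% } needs root to bind"
        return 1
    fi
    echo "OK: no privileged port is opened from a non-root account"
    return 0
}

# Constructed sample squid.conf for a stand-alone run.
sample=$(mktemp)
printf '%s\n' 'http_port 80' 'cache_effective_user squid' > "$sample"
check_start squid "$sample" || true   # script switches user first: bind refused
check_start ""    "$sample"           # squid starts as root, then drops to
                                      # cache_effective_user by itself
rm -f "$sample"
```

With no script-level user set, squid binds the port as root and then changes to cache_effective_user on its own, which matches the two ps listings in the message.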