Date: Wed, 1 Aug 2001 17:13:00 +0400
From: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>
Organization: IHelp
To: Mike Silbersack
Cc: "Karsten W. Rohrbach", security@FreeBSD.ORG
Subject: Re[2]: accounting with ipfw (gid, uid rules)
Message-ID: <79100794374.20010801171300@internethelp.ru>
In-reply-to: <20010731175236.A58983-100000@achilles.silby.com>

Hello Mike,

Wednesday, August 01, 2001, 2:54:18 AM, you wrote:

MS> On Tue, 31 Jul 2001, Karsten W. Rohrbach wrote:
>> > If squid runs the listen as root, all sockets created from that listen
>> > socket will also be accounted to root. Same problem as the above. I do
>> > not know how natd would affect connections in terms of uid accounting.
>>
>> squid's standard ports are higher than 1024, so it should not be a
>> problem to start it with a uid wrapper (setuidgid from daemontools
>> or similar), shouldn't it? Then the socket belongs to the squid user,
>> I think...
>>
>> /k

MS> I'm not familiar with how squid acts, but your idea sounds good to me.
MS> Tell us how it works. :)

MS> Mike "Silby" Silbersack

I feel that my first post was partly misunderstood: squid is running as
uid nobody on my host, which is not a problem at all; in my configuration
file it is said to be the default setting. This is from squid.conf:

;------------------------------------------------------------------
#  TAG: cache_effective_user
#  TAG: cache_effective_group
#
#       If the cache is run as root, it will change its effective/real
#       UID/GID to the UID/GID specified below.  The default is to
#       change to UID to nobody and GID to nogroup.
#
#       If Squid is not started as root, the default is to keep the
#       current UID/GID.  Note that if Squid is not started as root then
#       you cannot set http_port to a value lower than 1024.
#
#cache_effective_user nobody
#cache_effective_group nogroup
;------------------------------------------------------------------

The problem was: why is the total number of bytes shown by the rules

01010 count ip from any to 212.113.112.145 uid nobody via rl0
01010 count ip from 212.113.112.145 to any uid nobody via rl0

less than the number reported by squid itself? Why?

;-------------------------------------------
; NKritsky
; SysAdmin InternetHelp.Ru
; http://www.internethelp.ru
; mailto:nkritsky@internethelp.ru
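The comparison the post describes, reproduced on constructed data, as an added example that is not part of the original message or of the squid or ipfw projects. It sums the byte counters of the two `count ... uid nobody ... via rl0` rules as they appear in `ipfw -a list` output and sets them against the reply-size field (field 5) of squid's native access.log format. The rule numbers, address and interface follow the post; every counter value and log line below is made up.

```python
"""Compare ipfw per-uid byte counters with the byte total squid logs.

Added example (not from the mailing-list post).  Both inputs are
constructed samples: an `ipfw -a list` listing (columns: rule number,
packets, bytes, rule body) and a few squid native access.log lines.
"""
import re

# Constructed `ipfw -a list` output.  The two 01010 rules mirror the post;
# the packet/byte counters are invented.
IPFW_LIST = """\
00100   9876   1234567 allow ip from any to any via lo0
01010    412    382541 count ip from any to 212.113.112.145 uid nobody via rl0
01010    520    123774 count ip from 212.113.112.145 to any uid nobody via rl0
65535 101010 123456789 allow ip from any to any
"""

# Constructed squid native access.log lines.  Field 5 is the reply size in
# bytes delivered to the client, which is what squid's own totals count.
ACCESS_LOG = """\
996672000.123    312 192.168.0.6 TCP_MISS/200 48213 GET http://www.freebsd.org/ - DIRECT/216.136.204.21 text/html
996672001.456     18 192.168.0.6 TCP_HIT/200 19321 GET http://www.freebsd.org/gifs/daemon.gif - NONE/- image/gif
996672002.789   1041 192.168.0.7 TCP_MISS/200 655360 GET http://ftp.freebsd.org/pub/x.tgz - DIRECT/62.243.72.50 application/x-tar
996672003.001      4 192.168.0.7 TCP_DENIED/403 1120 GET http://example.invalid/ - NONE/- text/html
"""

IPFW_LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")


def ipfw_uid_bytes(listing, uid="nobody", iface="rl0"):
    """Sum the byte counters of every `count ... uid <uid> ... via <iface>` rule.

    The post's two rules share number 01010 (one per direction), so the
    rule body, not the number, is used as the key.
    Returns (total_bytes, {rule_body: bytes}).
    """
    total = 0
    matched = {}
    for line in listing.splitlines():
        m = IPFW_LINE.match(line.strip())
        if not m:
            continue
        _rule, _pkts, nbytes, body = m.groups()
        if (body.startswith("count ")
                and f" uid {uid} " in body
                and body.endswith(f"via {iface}")):
            matched[body] = int(nbytes)
            total += int(nbytes)
    return total, matched


def squid_log_bytes(log):
    """Sum field 5 (reply size) of squid native-format access.log lines."""
    total = 0
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        total += int(fields[4])
    return total


def compare(listing=IPFW_LIST, log=ACCESS_LOG):
    """Return (ipfw_bytes, squid_bytes, squid_bytes - ipfw_bytes)."""
    ipfw_total, _ = ipfw_uid_bytes(listing)
    squid_total = squid_log_bytes(log)
    return ipfw_total, squid_total, squid_total - ipfw_total


if __name__ == "__main__":
    fw, sq, gap = compare()
    print(f"ipfw  (uid nobody via rl0): {fw} bytes")
    print(f"squid (access.log sizes) : {sq} bytes")
    print(f"squid reports {gap} bytes more than ipfw counted")
```

Two caveats when reading the numbers side by side: ipfw byte counters are IP-layer and include IP and TCP headers, while squid's size field is the HTTP reply (headers plus body) handed to the client, so the two totals are not expected to agree exactly even when every packet is matched; and the rules above only see traffic to and from 212.113.112.145 on rl0, so anything squid serves over another interface or address never reaches those counters.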