From owner-freebsd-questions@FreeBSD.ORG  Wed Jul  6 06:09:37 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6EA5216A41C
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Jul 2005 06:09:37 +0000 (GMT) (envelope-from ws@au.dyndns.ws)
Received: from smtp1.adl2.internode.on.net (smtp1.adl2.internode.on.net
	[203.16.214.181])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D65C343D46
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Jul 2005 06:09:36 +0000 (GMT) (envelope-from ws@au.dyndns.ws)
Received: from lillith-iv.ovirt.dyndns.ws (ppp103-111.static.internode.on.net
	[150.101.103.111])
	by smtp1.adl2.internode.on.net (8.12.9/8.12.9) with ESMTP id
	j6669Xl0097458; Wed, 6 Jul 2005 15:39:34 +0930 (CST)
X-Envelope-From: ws@au.dyndns.ws
X-Envelope-To: freebsd-questions@freebsd.org
Received: from [192.168.1.194] ([192.168.1.194])
	by lillith-iv.ovirt.dyndns.ws (8.13.3/8.13.3) with ESMTP id
	j6669EVa079696; Wed, 6 Jul 2005 15:39:15 +0930 (CST)
	(envelope-from ws@au.dyndns.ws)
From: Wayne Sierke <ws@au.dyndns.ws>
To: "P.U.Kruppa" <root@pukruppa.de>
In-Reply-To: <20050706033032.E21919@www.pukruppa.net>
References: <1120584597.57575.51.camel@au.dyndns.ws>
	<20050706033032.E21919@www.pukruppa.net>
Content-Type: text/plain
Date: Wed, 06 Jul 2005 15:39:14 +0930
Message-Id: <1120630154.57575.97.camel@au.dyndns.ws>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.51 on 192.168.1.142
X-Scanned-By: SpamAssassin 3.000003(2005-04-27)
X-Scanned-By: F-Prot
X-Scanned-By: ClamAV
X-Spam-Score: -2.82 () ALL_TRUSTED
Cc: freebsd-questions@freebsd.org
Subject: Re: squid bind to port 80 fails when started via squid.sh script
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2005 06:09:37 -0000

On Wed, 2005-07-06 at 03:33 +0200, P.U.Kruppa wrote:
> On Wed, 6 Jul 2005, Wayne Sierke wrote:
> 
> > FreeBSD 5.4-RELEASE/squid-2.5.9_3
> >
> > If I start squid via the script (as root), I get:
> >
> > /var/log/squid_cache.log:
> >
> > commBind: Cannot bind socket FD 11 to *:80: (13) Permission denied
> > FATAL: Cannot open HTTP Port
> > Squid Cache (Version 2.5.STABLE9): Terminated abnormally.
> Did you set
> squid_enable="YES"

Yes.

> squid_user="root"

No, it didn't occur to me. I was assuming that the script would set it
to the required user and I didn't see any documentation about it.
However I can now see that it should probably be self-evident for even a
semi-competent user. :)

> squid_flags="-D"

No. It's the default in the script.

> in /etc/rc.conf ?
> 
> Regards,
> 
> Uli.

Just so I can learn a bit more from this - has this script been designed
like this because it is specifically safer to launch the squid
executable as user 'squid'? Or is it just because it's the 'norm' to
avoid running programs (from launch scripts) as root whenever possible?


Thanks for your help,

Wayne