From: Jeffrey Goldberg
To: FreeBSD Ports List
Date: Tue, 16 Jun 2009 22:48:17 -0500
Subject: Safe to run squid_user=root ?

www/squid30 sets up an rc.d startup script that includes

    squid_user=${squid_user:-squid}

This makes it impossible to get squid to listen on a port lower than 1024.

If I specify squid_user=root in my rc.conf will I be doing something stupid? Does squid appropriately drop privileges after binding to a socket?

The background for this is that I want to set up a proxy to listen on port 70 (yes that is gopher). There is a bit of a move afoot to set up proxies to allow people from Iran to get to sites like twitter and facebook which are currently being blocked by the Iranian government. They have just started blocking things to destination ports like 8080 and 3128.

FreeBSD 7-STABLE, www/squid30

Cheers,

-j

-- 
Jeffrey Goldberg http://www.goldmark.org/jeff/