From owner-freebsd-ports@FreeBSD.ORG Wed Jun 17 11:38:03 2009 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 05944106567A for ; Wed, 17 Jun 2009 11:38:03 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ew0-f212.google.com (mail-ew0-f212.google.com [209.85.219.212]) by mx1.freebsd.org (Postfix) with ESMTP id 898918FC0A for ; Wed, 17 Jun 2009 11:38:02 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by ewy8 with SMTP id 8so326673ewy.43 for ; Wed, 17 Jun 2009 04:38:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=BLb9Pb9eiGdJknCgPMGejGAZBaqsIWhFBLoU/vS59NA=; b=rkgj3Fv6LpV0QxpfbHdNpgx2eUWSo6PoYFAotZsUm9yCAuN+RyqXwB+CjS+gUvY2im t5tqxWQVz/eteJjq2uL1Db4ZuBOfXKN8LITYqlDRi4t95nsjno0qnFdO4a8EuGmX871N wXZ2ER255VLuVPSQi2CTzmjTnPdo3IlVPSyTE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=KqV4RxiaSHP8Y4nwzK6SwKrdIk4zoQZYLJt2Bw2odZd1hsPXSLrXcMGgwLDLXiKpuE g+DKX8T55kWo5JuacXV/mFDOKCpLU+Z4Vl0Y+i6P8SgjhvdjarnK/kiC2JjKxYHwdrbd +ZNt75gpwh2GD/Vuj5PBRbrUeuZIeRzaEQYok= Received: by 10.210.34.2 with SMTP id h2mr71626ebh.39.1245238681541; Wed, 17 Jun 2009 04:38:01 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id 24sm61810eyx.23.2009.06.17.04.38.00 (version=SSLv3 cipher=RC4-MD5); Wed, 17 Jun 2009 04:38:00 -0700 (PDT) Date: Wed, 17 Jun 2009 12:37:58 +0100 From: RW To: ports@freebsd.org Message-ID: <20090617123758.71143a96@gumby.homeunix.com> In-Reply-To: <6F3DA1E9-877B-438D-BE2A-D9800C210AA7@goldmark.org> References: <6F3DA1E9-877B-438D-BE2A-D9800C210AA7@goldmark.org> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.2; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Subject: Re: Safe to run squid_user=root ? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 11:38:03 -0000 On Tue, 16 Jun 2009 22:48:17 -0500 Jeffrey Goldberg wrote: > www/squid30 sets up an rc.d startup script that includes > > squid_user=${squid_user:-squid} > > This makes it impossible to get squid to listen on a port lower than > 1024. > > If I specify > > squid_user=root > > in my rc.conf will I be doing something stupid? Does squid > appropriately drop privileges after binding to a socket? I don't use squid 3.x but it does in squid 2.x, look for cache_effective_user and cache_effective_group in the default configuration file.