From owner-freebsd-ports Fri Jan 1 09:41:55 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA02894 for freebsd-ports-outgoing; Fri, 1 Jan 1999 09:41:55 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from spinner.netplex.com.au (spinner.netplex.com.au [202.12.86.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA02886; Fri, 1 Jan 1999 09:41:49 -0800 (PST) (envelope-from peter@netplex.com.au) Received: from spinner.netplex.com.au (peter@localhost [127.0.0.1]) by spinner.netplex.com.au (8.9.1/8.9.1/Netplex) with ESMTP id BAA97168; Sat, 2 Jan 1999 01:29:00 +0800 (WST) (envelope-from peter@spinner.netplex.com.au) Message-Id: <199901011729.BAA97168@spinner.netplex.com.au> X-Mailer: exmh version 2.0.2 2/24/98 To: sada@FreeBSD.ORG cc: ports@FreeBSD.ORG In-reply-to: Your message of "01 Jan 1999 07:58:56 +0900." <19981231225856.94401.qmail@rr.iij4u.or.jp> Date: Sat, 02 Jan 1999 01:28:59 +0800 From: Peter Wemm Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org sada@freebsd.org wrote: > Hello. > I recommend the change of "www/squid11" port. > > 1) All users have to build the cache directory before using squid, so, > do it automatically by the port. > And how about the cache and log directory to be moved to /var/squid ? > 2) And We all have to set `cache_effective_user nobody nogroup' > everytime we use the port. Set this automatically, also. > 3) It would be convinient by Dial-up users that skip startup-time's DNS test. > Prepare $PREFIX/local/etc/squid/squid.option and RunCache would influence > the file's contents. > 4) Stop opning `squid.conf' by editor at install time. > Users could do it after the installation only when they need. > > The patch is placed at `http://WWW.jp.FreeBSD.ORG/~sada/squid11.diff.gz'. > I'd like to be waiting for your idea about them. > If you are too busy to respond, I'll commit the changes at 5 days later. > Thanks. It really should be running as a unique uid so that it doesn't have to share resource limits with things like fingerd, apache etc. You can cause a fair amount of chaos by finger bombing a site that is sharing the nobody uid with other things that then suffer because they can't create processes when they need to. The other thing is that uid "nobody" isn't really supposed to own any files at all.. However, I've been too lazy to write a useradd type hook for squid. Note that installing squid with default options is rather bad.. It allows relaying globally, among other things. Things like the acl's need to be set, things like a user and the cache_effecive_user things are pretty small compared to that. Squid 2.1 BTW, default's to a closed access list and requires the user to edit in their own address masks that they want to allow access to. If you wanted to take a shot at some of those problems, I'd appreciate it. However, squid isn't likely to be an 'install-and-forget' thing. It requires fairly extensive config file editing, some crontab entries (rotate logs etc). I do not want to belittle your work, but there are bigger problems that have not been addressed. Also, squid 1.1 is depreciated by the authors and really shouldn't be used for new installations. I was thinking about deleting the 1.1 and 2.0 ports leaving the (stable) 2.1 patch 2 release. Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message