From owner-freebsd-ports  Fri Jan  1 11:46:26 1999
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA15460
          for freebsd-ports-outgoing; Fri, 1 Jan 1999 11:46:26 -0800 (PST)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from rr.iij4u.or.jp (h207.p060.iij4u.or.jp [210.130.60.207])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA15454
          for <ports@freebsd.org>; Fri, 1 Jan 1999 11:46:23 -0800 (PST)
          (envelope-from sada@rr.iij4u.or.jp)
Received: (qmail 17226 invoked by uid 1000); 2 Jan 1999 04:45:57 +0900
Date: 2 Jan 1999 04:45:57 +0900
Message-ID: <19990101194557.17225.qmail@rr.iij4u.or.jp>
To: peter@netplex.com.au
Cc: ports@FreeBSD.ORG, sada@FreeBSD.ORG
From: sada@FreeBSD.ORG
Subject: Re: ports/www/squid11
In-Reply-To: Your message of "Sat, 2 Jan 1999 02:28:59 JST".
	<199901011729.BAA97168@spinner.netplex.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Mailer: mnews [version 1.21] 1997-12/23(Tue)
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> It really should be running as a unique uid so that it doesn't have to
>> share resource limits with things like fingerd, apache etc.  You can cause
>> a fair amount of chaos by finger bombing a site that is sharing the nobody
>> uid with other things that then suffer because they can't create processes
>> when they need to.  The other thing is that uid "nobody" isn't really
>> supposed to own any files at all..  However, I've been too lazy to write a 
>> useradd type hook for squid.

May I handle that work?
(for www/squid21 would be better?)

>> Note that installing squid with default options is rather bad..  It allows
>> relaying globally, among other things.  Things like the acl's need to be 
>> set, things like a user and the cache_effecive_user things are pretty 
>> small compared to that.  Squid 2.1 BTW, default's to a closed access list 
>> and requires the user to edit in their own address masks that they want to 
>> allow access to.

But I think that starting the editor for the setup file wouldn't promise
user's correct configurations.
People who knows what to do for the system would check the documentations
and setup without such help of ports.

At least, it would not be needed when `squid.conf' already exists.

If you really thought that editing squid.conf at the installation time is
necessity, squid port shoud be an interactive port by setting IS_INTERACTIVE.

Many ports need configuration work after the installation,
but doesn't start the editor. Notifying the user some advices
would be enough.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message