[plug] Another (Possibly) Redhat specific squid tip

Christian christian at global.net.au
Sat Nov 21 16:04:52 WST 1998


At 13:49 21/11/98 +0800, you wrote:
>Just noticed that my user "nobody" was disabled from a default redhat
>5.1 install... while this is good from a security perspective, it meant
>that when squid was trying to use user nobody as per the squid.conf
>line:
>
>cache_effective_user nobody nobody
>
>it wasn't having a lot of luck... so I enabled the nobody user, and gave
>it a password for security reasons, and squid now seems to be running a
>heap faster!...

Knowing very little about squid I'm reticient to open my mouth but,
wouldn't squid be started as root and then seteuid() to nobody? (ie, the
same way most web servers do).  This being the case then user nobody
shouldn't have a password and should be disabled since no password is
needed upon root calling seteuid() (try su'ing to any user, enabled or no,
as root).

After all, if you'd set a password for user nobody, how do you then tell
squid what the password is? :)

I'd suggest maybe the speed increase in squid is due to something else
although anyone feel free to correct me if I'm way off the mark here. :)

Regards,

Christian.


=============================================================================
I'm not trying to give users what they want, I'm trying to give them
 freedom, which they can then accept or reject. If people don't want
freedom, they may be out of luck with me, but I won't allow them to define
for me what is right, what is worth spending my life for.
								- rms


More information about the plug mailing list