squid bind to port 80 fails when started via squid.sh script

Wayne Sierke ws at au.dyndns.ws
Tue Jul 5 18:48:14 GMT 2005


On Tue, 2005-07-05 at 13:38 -0400, Chuck Swiger wrote:
> Wayne Sierke wrote:
> > FreeBSD 5.4-RELEASE/squid-2.5.9_3
> > 
> > If I start squid via the script (as root), I get:
> > 
> > /var/log/squid_cache.log:
> > 
> > commBind: Cannot bind socket FD 11 to *:80: (13) Permission denied
> > FATAL: Cannot open HTTP Port
> > Squid Cache (Version 2.5.STABLE9): Terminated abnormally.
> 
> The squid startup script probably changes to a non-root user before running the 
> squid binary, which means that squid cannot bind to a port below 1024. 
> Normally, people run squid on port 3128, although 8080 is also relatively common.

You are exactly right, of course. I hadn't been able to spot anything
obvious as to where that might be happening in the script so after your
response I was prompted to grep through /etc/rc.subr. I now know what
all those $(name)_* vars in the startup scripts are for! :)

Given that squid.conf contains 'cache_effective_user' and
'cache_effective_group' settings, the 'squid_user' variable in the
script is probably redundant. And that seems to be confirmed by a
comparison of 'ps aux | grep squid' results from launching squid
directly and, now, via the script with the squid_user var removed:

root  92882  0.0  0.3  3172  1764  ??  Is    2:51AM   0:00.00 /usr/local/sbin/squid -D
squid 92884  0.0  1.3  7472  6668  ??  S     2:51AM   0:00.24 (squid) -D (squid)
squid 92885  0.0  0.1  1188   548  ??  Is    2:51AM   0:00.01 (unlinkd) (unlinkd)

root  93310  0.0  0.3  3172  1764  ??  Is    3:29AM   0:00.00 /usr/local/sbin/squid -D
squid 93312  0.0  1.3  7472  6668  ??  S     3:29AM   0:00.19 (squid) -D (squid)
squid 93313  0.0  0.1  1188   548  ??  Is    3:29AM   0:00.01 (unlinkd) (unlinkd)


I suppose the remaining question is whether there exists a valid reason
to keep the squid_user variable in the script, or is it purely redundant
and, in this case, troublesome. (By the way, the reason for running
squid on port 80 is to run it as an httpd_accelerator, and in my case
specifically, to allow for the handling of virtual web-hosts on a single
IP over multiple servers.) In any case I suppose I should pose this
question to the port maintainer.


Many thanks,

Wayne
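
The failure discussed in this thread, as an added example that is not part of the original message or of the squid port: a pre-flight check that reads a squid.conf and reports which http_port entries cannot be bound when the binary is launched as a non-root user. The function names and the sample config are constructed for illustration, and the check treats only the account name root as privileged.

```shell
#!/bin/sh
# Added example: flag http_port settings that need root at bind time.

# privileged_ports < squid.conf
# Prints every http_port below 1024. The directive takes "port",
# "host:port" or "ip:port", so only the text after the last colon is used.
privileged_ports() {
    awk '$1 == "http_port" {
             n = split($2, part, ":")
             port = part[n] + 0
             if (port > 0 && port < 1024) print port
         }'
}

# bind_check RUN_USER < squid.conf
# RUN_USER is the account the squid binary is exec'ed as: the rc script's
# squid_user value, or root when that variable is unset.
# Returns 1 if a privileged port would be bound by a non-root process.
bind_check() {
    run_user=${1:-root}
    ports=$(privileged_ports)
    if [ -n "$ports" ] && [ "$run_user" != "root" ]; then
        for p in $ports; do
            echo "port $p: bind fails with (13) Permission denied as $run_user"
        done
        return 1
    fi
    return 0
}

# Constructed sample squid.conf (not taken from the thread).
SAMPLE_CONF='# accelerator setup
http_port 80
http_port 127.0.0.1:3128
cache_effective_user squid
cache_effective_group squid'

# Launched via an rc script that switches user before exec: reported.
printf '%s\n' "$SAMPLE_CONF" | bind_check squid || true

# Launched as root: squid binds first, then drops to cache_effective_user.
printf '%s\n' "$SAMPLE_CONF" | bind_check root && echo "root start: ok"
```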



