Should a "squid" user have a shell?

[RW]

On Wed, 1 Sep 2010 09:38:03 -0700
Ed Flecko <edflecko at gmail.com> wrote:

> Thank you Jerry.
> 
> The only reason I'm not using the squid port is because I found a
> website
> ( http://teklimbu.wordpress.com/2007/10/03/enterprise-freebsd-squid-proxy-server/ )
> that has detailed instructions on installing squid for an Enterprise
> environment claiming the performance is very good.
> 
> Since I'm new to using squid and using squid on FreeBSD, I'm simply
> trying to duplicate his setup. It's quite possible that I could
> achieve the same performance results from using the port install of
> squid...but maybe I wouldn't.

You might as well build the port. There's nothing special in his
configure settings - although the squid port provides a variable for
this if you if you want to add extra configure settings  not supported
by the port options. The port will apply some patches to the code
that may, or may not, be need. It will also provide an rc script and
create the user/group. 

Either way you need to run squid -z to create the directories. IIRC
this will create the directories with the correct ownership if the
effective user/group is correct in squid.conf.


That just leaves squid.conf which you have to setup anyway, since the
port defaults to a small "ufs" cache. I'd suggest taking the default
and stripping out the very lengthy comments, and them merging in any
settings you want from his file - having looked-up what they actually
do. Some of his setting are sensible, such as using diskd, some less
so, such as the acl to deny query url caching, which more efficiently
handled through refresh patterns in the default file. 

Also I'd suggest not using heap GDSF/LFUDA cache replacement until you
have established you can't get a week's retention from the default lru
policy. The suggestion of running a local dns cache shouldn't make much
difference since squid does it own caching.