Bug 36386
| Summary: | www/squid24 might overwrite perms on log and cache dir during update | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Thomas-Martin Seck <tmseck> | ||||
| Component: | Individual Port(s) | Assignee: | Adrian Chadd <adrian> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
Responsible Changed From-To: freebsd-ports->adrian Over to maintainer This PR can be closed. A fix has been committed to www/squid and www/squid24. State Changed From-To: open->closed Fix committed in the past sometime - requestor asked for this ticket to be closed. |
The installation of squid 2.4 ends with the creation of the log and cache dir in ${PREFIX}/squid/logs and ${PREFIX}/squid/cache. When these directories have been created, a chown nobody:nogroup is done. The script does not check whether these directories already exist and will thus enforce the aforementioned permission even when doing an update. This will unfortunately break an updated installation where the squid process does not run under the 'nobody' account but a dedicated 'squid' account. Fix: Do not try to create the log and cache directory if they already exist. Especially, do not try to be smarter than the administrator regarding permissions on these directories :) The patch: How-To-Repeat: Install squid 2.4. Configure it so that it uses a dedicated account other than nobody. Do not place the dedicated account in the 'nogroup' group. Do a chmod $squid_accout:$squid_group on the log and cache directory and change the permissions on these directories to 750. Stop squid, then deinstall and reinstall it via the ports. Start squid and see it barf about not being able to write into the abovementioned dirs.