Date: Thu, 21 Feb 2008 03:05:23 GMT From: Jiro Kita <ktj@ktjdragon.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/120923: www/squidguard does not work unless its UID/GID are modified Message-ID: <200802210305.m1L35NL6090270@www.freebsd.org> Resent-Message-ID: <200802210310.m1L3A249093178@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 120923
>Category: ports
>Synopsis: www/squidguard does not work unless its UID/GID are modified
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 21 03:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Jiro Kita
>Release: 6.2-RELEASE-p9
>Organization:
>Environment:
FreeBSD ****** 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 #0: Sat Jan 13 22:27:24 JST 2007 *******:/usr/obj/usr/src/sys/GENERIC i386
>Description:
www/squigguard installs blacklist files to /var/db/squidGuard and the UID:GID of the installed files is set to nobody:nogroup. The permission for the files is 0550 or 0660. On the other hand, www/squid specifies squid:squid as UID:GID.
As a result, squidGuard cannot handle blacklist files so websites that should not be accessed cannot be filtered.
>How-To-Repeat:
(1) install www/squid and www/squidguard without specifying UID/GID.
(2) set /usr/local/etc/squid/squid.conf and /usr/local/etc/squid/squidGuard based on post-install message of squidguard.
(3) test whether squidGuard properly works or not.
>Fix:
For my system, the attached patch for www/squidguard/Makefile can solve above problem.
In addition the post-install message of squidGuard requests to add "redirect_program" tag to squid.conf. However, in squid.conf, "url_rewrite_program" tag is indicated instead of "redirect_program" tag.
So, it may prefarable to replace "redirect_program" in the post-install message with "url_rewrite_program". The attached patch further fixes the post-install messages.
Patch attached with submission follows:
--- Makefile.patched Wed Feb 20 15:57:39 2008
+++ Makefile Wed Feb 20 16:03:13 2008
@@ -29,8 +29,8 @@
CFGINPUT= ${.CURDIR}/files/sgcfg.in
-SQUID_UID?= nobody
-SQUID_GID?= nogroup
+SQUID_UID?= squid
+SQUID_GID?= squid
DATADIR?= /var/db/${PORTNAME}
LOGDIR?= /var/log
@@ -39,10 +39,10 @@
PLIST_SUB= DATADIR=${DATADIR}
pre-fetch:
- @if [ ${SQUID_UID} = "nobody" -o ${SQUID_GID} = "nogroup" ] ; then \
+ @if [ ${SQUID_UID} = "squid" -o ${SQUID_GID} = "squid" ] ; then \
${ECHO_MSG} "===> SQUID_UID is set to \"${SQUID_UID}\" and SQUID_GID is set to \"${SQUID_GID}\"." ; \
${ECHO_MSG} " To change this specify them with your make arguments, e.g." ; \
- ${ECHO_MSG} " make SQUID_UID=squid SQUID_GID=squid" ; \
+ ${ECHO_MSG} " make SQUID_UID=nobody SQUID_GID=nogroup" ; \
fi
post-patch:
@@ -137,7 +137,7 @@
@${ECHO_MSG} " "
@${ECHO_MSG} "==================================================================="
@${ECHO_MSG} "= In order to activate ${PORTNAME} you have to edit squid.conf"
- @${ECHO_MSG} "= To the contain \"redirect_program ${PREFIX}/bin/${PORTNAME}\""
+ @${ECHO_MSG} "= To the contain \"url_rewrite_program ${PREFIX}/bin/${PORTNAME}\""
@${ECHO_MSG} "= and create a configuration file for ${PORTNAME}."
@${ECHO_MSG} "="
@${ECHO_MSG} "= To activate the changes do a ${PREFIX}/sbin/squid -k reconfigure"
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802210305.m1L35NL6090270>