http://bugzilla.opensuse.org/show_bug.cgi?id=918434 Bug ID: 918434 Summary: Change /var/{cache,log}/squid ownership to squid:squid Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: marcosfrm@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I am not sure why both folders are owned by root group since the user squid processes run on is squid:squid (Factory). Perhaps because the 'nogroup' group used by older packages is somewhat unprivileged and changing it artificially to root was a security measuse. So I propose as a RFC (to Factory) the attached patches, that: - Remove remaining permissions bits: it is unused. - Change id/getent checks to use exit codes. - Apply new group to /var/{cache,log}/squid contents if necessary on upgrade. - Drop 'create' from logrotate config. Log files will be created by squid itself as squid:squid 640. Also supress errors from squid invocation there. - Requires adjustments. I tested these modifications (3.4.10-1.2 as base) upgrading from 3.4.4-3.4.2 (which still uses squid:nogroup) in 13.2 and everything is working so far. After a broader testing round, it can go to 13.2 updates. Once this hits stable, #894636 and #894840 can be closed. -- You are receiving this mail because: You are on the CC list for the bug.