Mailinglist Archive: opensuse-security (12 mails)

< Previous Next >
[opensuse-security] Change /var/{cache,log}/squid ownership to squid:squid
Hi,

Can you take a look?

https://bugzilla.opensuse.org/show_bug.cgi?id=918434

Squid daemon having its own exclusive group should allow us drop root
group ownership on these folders.

Current 13.2 package (3.4.4-3.4.2):

# ls -al /var/{cache,log}/squid
/var/cache/squid:
total 76
drwxr-x--- 18 squid root 4096 Feb 20 07:31 .
drwxr-xr-x 8 root root 4096 Feb 20 07:30 ..
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 00
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 01
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 02
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 03
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 04
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 05
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 06
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 07
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 08
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 09
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0A
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0B
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0C
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0D
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0E
drwxr-x--- 258 squid nogroup 4096 Feb 20 07:31 0F
-rw-r----- 1 squid nogroup 72 Feb 20 07:31 swap.state

/var/log/squid:
total 96
drwxr-x--- 2 squid root 4096 Feb 20 07:33 .
drwxr-xr-x 7 root root 4096 Feb 20 07:33 ..
-rw-r----- 1 squid root 0 Feb 20 07:33 access.log
-rw-r----- 1 squid nogroup 416 Feb 20 07:32 access.log-20150220.xz
-rw-r----- 1 squid root 79913 Feb 20 07:33 cache.log
-rw-r----- 1 squid nogroup 1580 Feb 20 07:32 cache.log-20150220.xz

After the changes:

# ls -al /var/{cache,log}/squid
/var/cache/squid:
total 76
drwxr-x--- 18 squid squid 4096 Feb 20 07:34 .
drwxr-xr-x 8 root root 4096 Feb 20 07:30 ..
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 00
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 01
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 02
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 03
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 04
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 05
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 06
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 07
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 08
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 09
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0A
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0B
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0C
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0D
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0E
drwxr-x--- 258 squid squid 4096 Feb 20 07:31 0F
-rw-r----- 1 squid squid 72 Feb 20 07:34 swap.state

/var/log/squid:
total 176
drwxr-x--- 2 squid squid 4096 Feb 19 17:15 .
drwxr-xr-x 7 root root 4096 Feb 20 07:33 ..
-rw-r----- 1 squid squid 0 Feb 20 07:33 access.log
-rw-r----- 1 squid squid 416 Feb 20 07:32 access.log-20150220.xz
-rw-r----- 1 squid squid 163672 Feb 20 07:34 cache.log
-rw-r----- 1 squid squid 1580 Feb 20 07:32 cache.log-20150220.xz

logrotate config fragment is using 'su squid squid' as an extra safety measure.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups