[SOLVED] reloading squid changes ownership and kills transparent proxy

mrpurple · 12-15-2011, 09:24 PM

I'd like to reload my modified ACLs using

Code:

sudo service squid reload

except when I do, my transparent proxy stops working

Code:

 ps aux | grep squid

gives

Code:

root      6484  0.3 80.9 515804 359436 ?       Rs   15:46   0:05 /usr/sbin/squid -N -D
tango     6998  0.0  0.1   3324   804 pts/0    S+   16:15   0:00 grep --color=auto squid

If i restart squid with

Code:

sudo service squid restart

and ps aux again i get

Code:

proxy     7010 34.8 86.5 515408 384160 ?       Ss   16:15   0:04 /usr/sbin/squid -N -D
tango     7013  0.0  0.1   3324   804 pts/0    S+   16:15   0:00 grep --color=auto squid

And the transparent proxy starts working again???
Anybody know why the ownership (and functionality) changes? I would rather use reload as its substantially faster but its not much use at the moment.
I'm using ubuntu 10.04 and squid 2.7STABLE7

bathory · 12-16-2011, 02:56 AM

Hi,

I guess you hit this bug. Try to update your squid version and see if it works.

Regards

mrpurple · 12-18-2011, 04:15 PM

Thanks,
Wow my first bug! (rather than operator error)
OK I followed an upgrade how to from here http://ubuntuforums.org/showthread.php?t=1460005
And managed to get squid3 up and running but I'm still having similar problems so I'm going for squid3 into a clean (no squid 2.7) installation and see how that pans out.
Thanks again
For those who want to know here were the commands (As best as I could document them for by 32bit system as I went) to get Squid3.1.16 onto ubuntu 10.04

Code:

cd ~/
mkdir newsquid
cd newsquid
sudo apt-get install build-essential libldap2-dev libpam0g-dev libdb-dev dpatch cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libexpat1-dev libxml2-dev libcap2-dev dpkg-dev curl
wget http://ftp.us.debian.org/debian/pool/main/libm/libmd5-perl/libmd5-perl_2.03-1_all.deb
sudo dpkg -i libmd5-perl_2.03-1_all.deb
#go to http://ftp.us.debian.org/debian/pool/main/libm/libmd5-perl/ and find the latest version of the all_deb file copy the file name into the following commands where approriate
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.1.16-1.dsc
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.1.16.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.1.16-1.debian.tar.gz
sudo dpkg-source -x squid3_3.1.16-1.dsc
cd  squid3-3.1.16
sudo apt-get install libltdl-dev
sudo dpkg-buildpackage -b
cd ../
wget http://ftp.nz.debian.org/debian/pool/main/s/squid-langpack/squid-langpack_20110902-1_all.deb
sudo dpkg -i squid-langpack_20110902-1_all.deb
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3-common_3.1.16-1_all.deb
sudo dpkg -i squid3-common_3.1.16-1_all.deb
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.1.16-1_i386.deb
sudo dpkg -i squid3_3.1.16-1_i386.deb
wget http://ftp.de.debian.org/debian/pool/main/s/squid3/squid-cgi_3.1.16-1_i386.deb
sudo dpkg -i squid-cgi_3.1.16-1_i386.deb
sudo cp /usr/share/doc/squid3-common/squid.conf.documented.gz /etc/squid3
sudo gunzip /etc/squid3/squid.conf.documented.gz
sudo nano /etc/squid3/squid.conf
#Now you have to make the changes to the conf file as you did with the old squid including some changes related to the new version such as
#http_port 3128 transparent
#Becomes
http_port 3128 intercept
#I had to add back in my ACLs too but mostly had them in includes files so that was easy
#removed old squid
sudo apt-get remove squid
sudo /etc/init.d/squid3 start

mrpurple · 12-19-2011, 01:39 PM

Ok so installing the latest from scratch landed me in effectinvely the same position with the squid process being owned by root instead of proxy.
Here's what I did to fix: It seems that a failed configuration is the cause in this case. Checking the /var/log/cache.log pointed me to various issues, including conflicting acl rules, which when fixed allowed the reload to run squid owned by proxy.

mrpurple · 12-19-2011, 01:58 PM

Its probably worth adding that if an error in a custom rule does switch the ownership to root then you have to fix it AND restart squid to get proxy ownership back