sudo is your friend here
Sudo should be able to make short work of this problem. 'man sudo' for more help.
Basically it allows you to create a list of commands which may be run as other users by users. with sudo you can allow user 'nobody' (usually what apache runs as) to run squidguard but if someone were to get a shell on your system as nobody (remote exploit, etc.) they would not be able to run any other commands as root.
Unless, that is, they use a local root exploit. :-)
|