Home / ubuntu / Questions / 1014864
In Process
ElToro1966
Asked: 2018-03-15 04:23:15 +0800 CST

Squid3 - Cannot write log file

  • 772

Have trouble starting a newly installed squid (Squid 3.5.27 on Linux ubuntu-server 4.13.0-36-generic). Keep getting:

$ squid
WARNING: Cannot write log file: /var/log/squid/cache.log
/var/log/squid/cache.log: Permission denied
         messages will be sent to 'stderr'.

I have altered the permissions as follows (as per comments):

$ sudo chmod 644 /var/log/squid/cache.log
$ namei -l /var/log/squid/cache.log
f: /var/log/squid/cache.log
drwxr-xr-x root  root   /
drwxr-xr-x root  root   var
drwxrwxr-x root  syslog log
drwxr-xr-x proxy proxy  squid
-rw-r--r-- 755   proxy  cache.log

The user proxy is right? Have seen user squid referred to in some posts, but in the servers /etc/passwd, only the user proxy is shown. After the changes, running squid with debug options: 

$ squid -NCd1
WARNING: Cannot write log file: /var/log/squid/cache.log
/var/log/squid/cache.log: Permission denied
         messages will be sent to 'stderr'.
2018/03/14 13:55:57| Set Current Directory to /var/cache/squid
WARNING: Cannot write log file: /var/log/squid/cache.log
/var/log/squid/cache.log: Permission denied
         messages will be sent to 'stderr'.
2018/03/14 13:55:57| WARNING: Closing open FD    2
2018/03/14 13:55:57| Starting Squid Cache version 3.5.27 for x86_64-pc-linux-gnu...
2018/03/14 13:55:57| Service Name: squid
2018/03/14 13:55:57| Process ID 4200
2018/03/14 13:55:57| Process Roles: master worker
2018/03/14 13:55:57| With 1024 file descriptors available
2018/03/14 13:55:57| Initializing IP Cache...
2018/03/14 13:55:57| DNS Socket created at [::], FD 8
2018/03/14 13:55:57| DNS Socket created at 0.0.0.0, FD 9
2018/03/14 13:55:57| Adding nameserver 127.0.0.53 from /etc/resolv.conf
2018/03/14 13:55:57| Adding domain WORKGROUP from /etc/resolv.conf
2018/03/14 13:55:57| Logfile: opening log daemon:/var/log/squid/access.log
2018/03/14 13:55:57| Logfile Daemon: opening log /var/log/squid/access.log
2018/03/14 13:55:57| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 13:55:57| Store logging disabled
2018/03/14 13:55:57| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/03/14 13:55:57| Target number of buckets: 1008
2018/03/14 13:55:57| Using 8192 Store buckets
2018/03/14 13:55:57| Max Mem  size: 262144 KB
2018/03/14 13:55:57| Max Swap size: 0 KB
2018/03/14 13:55:57| Using Least Load store dir selection
2018/03/14 13:55:57| Set Current Directory to /var/cache/squid
2018/03/14 13:55:57| Finished loading MIME types and icons.
2018/03/14 13:55:57| HTCP Disabled.
fopen: Permission denied
2018/03/14 13:55:57| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 13:55:57| Pinger socket opened on FD 16
2018/03/14 13:55:57| /var/run/squid.pid: (13) Permission denied
2018/03/14 13:55:57| Closing HTTP port [::]:3128
2018/03/14 13:55:57| Closing HTTPS port [::]:3130
FATAL: Could not write pid file
Squid Cache (Version 3.5.27): Terminated abnormally.
CPU Usage: 0.034 seconds = 0.022 user + 0.011 sys
Maximum Resident Size: 76608 KB
Page faults with physical i/o: 0
2018/03/14 13:55:57| pinger: Initialising ICMP pinger ...
2018/03/14 13:55:57|  icmp_sock: (1) Operation not permitted
2018/03/14 13:55:57| pinger: Unable to start ICMP pinger.
2018/03/14 13:55:57|  icmp_sock: (1) Operation not permitted
2018/03/14 13:55:57| pinger: Unable to start ICMPv6 pinger.
2018/03/14 13:55:57| FATAL: pinger: Unable to open any ICMP sockets.
Aborted (core dumped)

Using the proxy user for debugging (per comments), I get:

$ sudo -u proxy squid -NCd1
2018/03/14 16:00:50| Set Current Directory to /var/cache/squid
2018/03/14 16:00:50| Starting Squid Cache version 3.5.27 for x86_64-pc-linux-gnu...
2018/03/14 16:00:50| Service Name: squid
2018/03/14 16:00:50| Process ID 4468
2018/03/14 16:00:50| Process Roles: master worker
2018/03/14 16:00:50| With 1024 file descriptors available
2018/03/14 16:00:50| Initializing IP Cache...
2018/03/14 16:00:50| DNS Socket created at [::], FD 9
2018/03/14 16:00:50| DNS Socket created at 0.0.0.0, FD 10
2018/03/14 16:00:50| Adding nameserver 127.0.0.53 from /etc/resolv.conf
2018/03/14 16:00:50| Adding domain WORKGROUP from /etc/resolv.conf
2018/03/14 16:00:50| Logfile: opening log daemon:/var/log/squid/access.log
2018/03/14 16:00:50| Logfile Daemon: opening log /var/log/squid/access.log
2018/03/14 16:00:50| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 16:00:50| Store logging disabled
2018/03/14 16:00:50| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/03/14 16:00:50| Target number of buckets: 1008
2018/03/14 16:00:50| Using 8192 Store buckets
2018/03/14 16:00:50| Max Mem  size: 262144 KB
2018/03/14 16:00:50| Max Swap size: 0 KB
2018/03/14 16:00:50| Using Least Load store dir selection
2018/03/14 16:00:50| Set Current Directory to /var/cache/squid
2018/03/14 16:00:50| Finished loading MIME types and icons.
2018/03/14 16:00:50| HTCP Disabled.
2018/03/14 16:00:50| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 16:00:50| Pinger socket opened on FD 17
2018/03/14 16:00:50| /var/run/squid.pid: (13) Permission denied
2018/03/14 16:00:50| Closing HTTP port [::]:3128
2018/03/14 16:00:50| Closing HTTPS port [::]:3130
FATAL: Could not write pid file
Aborted

Adding a squid.pid with chown proxy, gives me a running squid:

$ sudo -u proxy squid -NCd1
2018/03/14 16:10:54| Set Current Directory to /var/cache/squid
2018/03/14 16:10:54| Starting Squid Cache version 3.5.27 for x86_64-pc-linux-gnu...
2018/03/14 16:10:54| Service Name: squid
2018/03/14 16:10:54| Process ID 4520
2018/03/14 16:10:54| Process Roles: master worker
2018/03/14 16:10:54| With 1024 file descriptors available
2018/03/14 16:10:54| Initializing IP Cache...
2018/03/14 16:10:54| DNS Socket created at [::], FD 9
2018/03/14 16:10:54| DNS Socket created at 0.0.0.0, FD 10
2018/03/14 16:10:54| Adding nameserver 127.0.0.53 from /etc/resolv.conf
2018/03/14 16:10:54| Adding domain WORKGROUP from /etc/resolv.conf
2018/03/14 16:10:54| Logfile: opening log daemon:/var/log/squid/access.log
2018/03/14 16:10:54| Logfile Daemon: opening log /var/log/squid/access.log
2018/03/14 16:10:54| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 16:10:54| Store logging disabled
2018/03/14 16:10:54| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/03/14 16:10:54| Target number of buckets: 1008
2018/03/14 16:10:54| Using 8192 Store buckets
2018/03/14 16:10:54| Max Mem  size: 262144 KB
2018/03/14 16:10:54| Max Swap size: 0 KB
2018/03/14 16:10:54| Using Least Load store dir selection
2018/03/14 16:10:54| Set Current Directory to /var/cache/squid
2018/03/14 16:10:54| Finished loading MIME types and icons.
2018/03/14 16:10:54| HTCP Disabled.
2018/03/14 16:10:54| WARNING: no_suid: setuid(0): (1) Operation not permitted
2018/03/14 16:10:54| Pinger socket opened on FD 17
2018/03/14 16:10:54| Squid plugin modules loaded: 0
2018/03/14 16:10:54| Adaptation support is off.
2018/03/14 16:10:54| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9
2018/03/14 16:10:54| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3130 remote=[::] FD 15 flags=41
2018/03/14 16:10:55| storeLateRelease: released 0 objects

Edited per comments.

server permissions proxy transparent-proxy squid

2 Answers

  1. chown 755 ... did you mean chmod 755? You set the owner of the file to user with ID 755 (and presumably there is no such user). Revert it back to be owned by the proxy user:

    sudo chown proxy /var/log/squid/cache.log

    And a log file doesn't need execute permissions. chmod 644 should be enough.

    • 3

  2. Juts use this command

    sudo chmod -R 1777 /var/log/squid/cache.log

    • -1