PDA

View Full Version : OpenSuSe Leap -> Networking -> Proxy Server: Squid + C-ICAP



ntienjem
16-Nov-2016, 00:04
OpenSuSe Leap 42.1 -> Networking -> Proxy Server: Squid + C-ICAP -- File permission for SquidGuardDB

1 Configuration

1.1 Squid.conf

#-------------------------------------
# Adaptation parameters
#-------------------------------------
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Client-Username
icap_preview_enable on
icap_preview_size 1024
icap_service_failure_limit -1

# Virus scan service
#icap_service service_avi_req reqmod_precache icap://localhost:1344/virus_scan bypass=off
#adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/virus_scan bypass=on
#adaptation_access service_avi_resp allow all

# URL Check service
icap_service service_url_chk_req reqmod_precache icap://localhost:1344/srv_url_check bypass=on
#adaptation_access service_url_chk_resp allow all
# ClamAV service
#icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=on

adaptation_service_chain svcRequest service_url_chk_req service_avi_req
adaptation_access svcRequest allow all

---------------------------------------------

1.2 c-icap.conf

User c-icap
Group c-icap

Include virus_scan.conf

Include srv_url_check.conf

--------------------------------------------------------

1.3 srv_url_check.conf

# TAG: url_check.LoadSquidGuardDB
url_check.LoadSquidGuardDB ads /var/lib/squidGuard/db/blacklists/ads/ "BlacklistURL Ads Sites"
url_check.LoadSquidGuardDB adult /var/lib/squidGuard/db/blacklists/adult/ "BlacklistURL Adult Sites"

url_check.Profile default block ads
url_check.Profile default block adult

Create the Berkeley DB:
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/ads
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/adult

-----------------------------------------------------

2 Set file permission for SquidGuard DB

Change owner
chown -R squid:nogroup /var/lib/squidGuard/db/blacklists

ls -l /var/lib/squidGuard/db/blacklists/ads/
total 2872
-rw-r----- 1 squid nogroup 24576 Nov 13 17:05 __db.001
-rw-r----- 1 squid nogroup 212992 Nov 13 17:05 __db.002
-rw-r----- 1 squid nogroup 270336 Nov 13 17:05 __db.003
-rw-r----- 1 squid nogroup 802816 Nov 13 17:05 __db.004
-rw-r--r-- 1 squid nogroup 469362 Nov 1 01:16 domains
-rw-r----- 1 squid nogroup 1253376 Nov 13 17:05 domains.db
-rw-r--r-- 1 squid nogroup 649 Nov 1 01:16 expressions
-rw-r--r-- 1 squid nogroup 31064 Nov 1 01:16 urls
-rw-r----- 1 squid nogroup 53248 Nov 13 17:05 urls.db

---------------------------------------------------

3 Start c-icap service

systemctl status c-icap.service
c-icap.service - C implementation of ICAP protocol
Loaded: loaded (/usr/lib/systemd/system/c-icap.service; enabled)
Active: active (running) since Sat 2016-11-14 10:01:30 EST; 51s ago
Main PID: 6861 (c-icap)
CGroup: /system.slice/c-icap.service
������ 6861 /usr/bin/c-icap -N
������13687 /usr/bin/c-icap -N
������14618 /usr/bin/c-icap -N
������18663 /usr/bin/c-icap -N

Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/adult/__db.001: Permission denied
Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/ads/__db.001: Permission denied

-------------------------------------------------------

What is the correct file permission for the SquidGuard DB?

I have also tried
a) chown -R c-icap:c-icap /var/lib/squidGuard/db/blacklists
and
b) chown -R squid:c-icap /var/lib/squidGuard/db/blacklists

smflood
16-Nov-2016, 00:35
ntienjem Wrote in message:

> OpenSuSe Leap 42.1 -> Networking -> Proxy Server: Squid + C-ICAP -- File
> permission for SquidGuardDB

This forum is for issues relating to SUSE Linux Enterprise Desktop
(SLED). Since you are using openSUSE you should repost your issue
in the openSUSE Forums at https://forums.opensuse.org/forum.php

HTH.
--
Simon Flood
SUSE Knowledge Partner


----Android NewsGroup Reader----
http://usenet.sinaapp.com/