OpenSuSe Leap 42.1 -> Networking -> Proxy Server: Squid + C-ICAP -- File permission for SquidGuardDB

1 Configuration

1.1 Squid.conf

#-------------------------------------
# Adaptation parameters
#-------------------------------------
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Client-Username
icap_preview_enable on
icap_preview_size 1024
icap_service_failure_limit -1

# Virus scan service
#icap_service service_avi_req reqmod_precache icap://localhost:1344/virus_scan bypass=off
#adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/virus_scan bypass=on
#adaptation_access service_avi_resp allow all

# URL Check service
icap_service service_url_chk_req reqmod_precache icap://localhost:1344/srv_url_check bypass=on
#adaptation_access service_url_chk_resp allow all
# ClamAV service
#icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=on

adaptation_service_chain svcRequest service_url_chk_req service_avi_req
adaptation_access svcRequest allow all

---------------------------------------------

1.2 c-icap.conf

User c-icap
Group c-icap

Include virus_scan.conf

Include srv_url_check.conf

--------------------------------------------------------

1.3 srv_url_check.conf

# TAG: url_check.LoadSquidGuardDB
url_check.LoadSquidGuardDB ads /var/lib/squidGuard/db/blacklists/ads/ "BlacklistURL Ads Sites"
url_check.LoadSquidGuardDB adult /var/lib/squidGuard/db/blacklists/adult/ "BlacklistURL Adult Sites"

url_check.Profile default block ads
url_check.Profile default block adult

Create the Berkeley DB:
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/ads
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/adult

-----------------------------------------------------

2 Set file permission for SquidGuard DB

Change owner
chown -R squid:nogroup /var/lib/squidGuard/db/blacklists

ls -l /var/lib/squidGuard/db/blacklists/ads/
total 2872
-rw-r----- 1 squid nogroup 24576 Nov 13 17:05 __db.001
-rw-r----- 1 squid nogroup 212992 Nov 13 17:05 __db.002
-rw-r----- 1 squid nogroup 270336 Nov 13 17:05 __db.003
-rw-r----- 1 squid nogroup 802816 Nov 13 17:05 __db.004
-rw-r--r-- 1 squid nogroup 469362 Nov 1 01:16 domains
-rw-r----- 1 squid nogroup 1253376 Nov 13 17:05 domains.db
-rw-r--r-- 1 squid nogroup 649 Nov 1 01:16 expressions
-rw-r--r-- 1 squid nogroup 31064 Nov 1 01:16 urls
-rw-r----- 1 squid nogroup 53248 Nov 13 17:05 urls.db

---------------------------------------------------

3 Start c-icap service

systemctl status c-icap.service
c-icap.service - C implementation of ICAP protocol
Loaded: loaded (/usr/lib/systemd/system/c-icap.service; enabled)
Active: active (running) since Sat 2016-11-14 10:01:30 EST; 51s ago
Main PID: 6861 (c-icap)
CGroup: /system.slice/c-icap.service
������ 6861 /usr/bin/c-icap -N
������13687 /usr/bin/c-icap -N
������14618 /usr/bin/c-icap -N
������18663 /usr/bin/c-icap -N

Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/adult/__db.001: Permission denied
Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/ads/__db.001: Permission denied

-------------------------------------------------------

What is the correct file permission for the SquidGuard DB?

I have also tried
a) chown -R c-icap:c-icap /var/lib/squidGuard/db/blacklists
and
b) chown -R squid:c-icap /var/lib/squidGuard/db/blacklists