OpenSuSe Leap -> Networking -> Proxy Server: Squid + C-ICAP

SUSE Linux Enterprise Desktop SLED Networking
1

OpenSuSe Leap 42.1 → Networking → Proxy Server: Squid + C-ICAP – File permission for SquidGuardDB

1 Configuration

1.1 Squid.conf

#-------------------------------------

Adaptation parameters

#-------------------------------------
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Client-Username
icap_preview_enable on
icap_preview_size 1024
icap_service_failure_limit -1

Virus scan service

#icap_service service_avi_req reqmod_precache icap://localhost:1344/virus_scan bypass=off
#adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/virus_scan bypass=on
#adaptation_access service_avi_resp allow all

URL Check service

icap_service service_url_chk_req reqmod_precache icap://localhost:1344/srv_url_check bypass=on
#adaptation_access service_url_chk_resp allow all

ClamAV service

#icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=on

adaptation_service_chain svcRequest service_url_chk_req service_avi_req
adaptation_access svcRequest allow all

1.2 c-icap.conf

User c-icap
Group c-icap

Include virus_scan.conf

Include srv_url_check.conf

1.3 srv_url_check.conf

TAG: url_check.LoadSquidGuardDB

url_check.LoadSquidGuardDB ads /var/lib/squidGuard/db/blacklists/ads/ “BlacklistURL Ads Sites”
url_check.LoadSquidGuardDB adult /var/lib/squidGuard/db/blacklists/adult/ “BlacklistURL Adult Sites”

url_check.Profile default block ads
url_check.Profile default block adult

Create the Berkeley DB:
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/ads
c-icap-mods-sguardDB -C -db /var/lib/squidGuard/db/blacklists/adult

2 Set file permission for SquidGuard DB

Change owner
chown -R squid:nogroup /var/lib/squidGuard/db/blacklists

ls -l /var/lib/squidGuard/db/blacklists/ads/
total 2872
-rw-r----- 1 squid nogroup 24576 Nov 13 17:05 __db.001
-rw-r----- 1 squid nogroup 212992 Nov 13 17:05 __db.002
-rw-r----- 1 squid nogroup 270336 Nov 13 17:05 __db.003
-rw-r----- 1 squid nogroup 802816 Nov 13 17:05 __db.004
-rw-r–r-- 1 squid nogroup 469362 Nov 1 01:16 domains
-rw-r----- 1 squid nogroup 1253376 Nov 13 17:05 domains.db
-rw-r–r-- 1 squid nogroup 649 Nov 1 01:16 expressions
-rw-r–r-- 1 squid nogroup 31064 Nov 1 01:16 urls
-rw-r----- 1 squid nogroup 53248 Nov 13 17:05 urls.db

3 Start c-icap service

systemctl status c-icap.service
c-icap.service - C implementation of ICAP protocol
Loaded: loaded (/usr/lib/systemd/system/c-icap.service; enabled)
Active: active (running) since Sat 2016-11-14 10:01:30 EST; 51s ago
Main PID: 6861 (c-icap)
CGroup: /system.slice/c-icap.service
������ 6861 /usr/bin/c-icap -N
������13687 /usr/bin/c-icap -N
������14618 /usr/bin/c-icap -N
������18663 /usr/bin/c-icap -N

Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/adult/__db.001: Permission denied
Nov 14 10:02:21 shutndap c-icap[6861]: /var/lib/squidGuard/db/blacklists/ads/__db.001: Permission denied

What is the correct file permission for the SquidGuard DB?

I have also tried
a) chown -R c-icap:c-icap /var/lib/squidGuard/db/blacklists
and
b) chown -R squid:c-icap /var/lib/squidGuard/db/blacklists

2

ntienjem Wrote in message:
[color=blue]

OpenSuSe Leap 42.1 → Networking → Proxy Server: Squid + C-ICAP – File
permission for SquidGuardDB[/color]

This forum is for issues relating to SUSE Linux Enterprise Desktop
(SLED). Since you are using openSUSE you should repost your issue
in the openSUSE Forums at https://forums.opensuse.org/forum.php

HTH.

Simon Flood
SUSE Knowledge Partner

----Android NewsGroup Reader----
http://usenet.sinaapp.com/