Bug 205568 - Possible need to make cachemgr.conf world readable
Possible need to make cachemgr.conf world readable
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: squid (Show other bugs)
5
All Linux
medium Severity low
: ---
: ---
Assigned To: Martin Stransky
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-07 06:16 EDT by Raoul
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-25 18:36:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Raoul 2006-09-07 06:16:53 EDT
Description of problem:
This is not actually a bug.
The /etc/squid/cachemgr.conf file needs to be world readable in order to be read
by cachemgr.cgi. Otherwise the script cannot read the available servers. Not to
mention the not so descriptive error it prints. For example:
target localhost:3128 not allowed in cachemgr.conf

I don't know if that conf file is deliberately shipped with 0640 mode for
security reasons. In that case, I believe that a comment about making it world
readable should exist within the cachemgr.conf file.

Version-Release number of selected component (if applicable):
7:2.5.STABLE14-2.FC5

How reproducible:
always

Steps to Reproduce:
1. configure and start squid
2. restart apache so that /etc/httpd/conf.d/squid.conf is read
3. go to www.example.org/Squid/cgi-bin/cachemgr.cgi
4. enter a cache host that exists in /etc/squid/cachemgr.conf and continue
5. 

Actual results:
the error mentioned above shows up

Expected results:
should connect to the requested cache

Additional info:
Comment 1 Trevor Cordes 2006-10-02 22:59:47 EDT
Ouch, this one just cost me 2 hours.  Raoul is exactly right.  The perms need
0644 or cachemgr won't let you in no matter what you do, and the error provided
in the browser is completely useless.  And worse yet, no useful errors are
logged to squid's or apache's logs.

Easiest fix is make that file 0644 in the distribution.  It's non-sensitive info.
Comment 2 Martin Stransky 2006-10-25 18:36:44 EDT
okay, added to CVS.

Note You need to log in before you can comment on or make changes to this bug.