From nobody@FreeBSD.org  Thu Feb 21 03:07:56 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DC8AE16A400
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Feb 2008 03:07:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CE43913C44B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Feb 2008 03:07:56 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m1L35NAP090271
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Feb 2008 03:05:23 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m1L35NL6090270;
	Thu, 21 Feb 2008 03:05:23 GMT
	(envelope-from nobody)
Message-Id: <200802210305.m1L35NL6090270@www.freebsd.org>
Date: Thu, 21 Feb 2008 03:05:23 GMT
From: Jiro Kita <ktj@ktjdragon.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: www/squidguard does not work unless its UID/GID are modified
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: ports@tyfon.net

>Number:         120923
>Category:       ports
>Synopsis:       www/squidguard does not work unless its UID/GID are modified
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 21 03:10:02 UTC 2008
>Closed-Date:    Mon Aug 18 06:58:18 UTC 2008
>Last-Modified:  Mon Aug 18 07:00:18 UTC 2008
>Originator:     Jiro Kita
>Release:        6.2-RELEASE-p9
>Organization:
>Environment:
FreeBSD ****** 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 #0: Sat Jan 13 22:27:24 JST 2007     *******:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
www/squigguard installs blacklist files to /var/db/squidGuard and the UID:GID of the installed files is set to nobody:nogroup. The permission for the files is 0550 or 0660. On the other hand, www/squid specifies squid:squid as UID:GID.

As a result, squidGuard cannot handle blacklist files so websites that should not be accessed cannot be filtered.
>How-To-Repeat:
(1) install www/squid and www/squidguard without specifying UID/GID.
(2) set /usr/local/etc/squid/squid.conf and /usr/local/etc/squid/squidGuard based on post-install message of squidguard.
(3) test whether squidGuard properly works or not. 
>Fix:
For my system, the attached patch for www/squidguard/Makefile can solve above problem.

In addition the post-install message of squidGuard requests to add "redirect_program" tag to squid.conf. However, in squid.conf, "url_rewrite_program" tag is indicated instead of "redirect_program" tag.

So, it may prefarable to replace "redirect_program" in the post-install message with "url_rewrite_program". The attached patch further fixes the post-install messages.

Patch attached with submission follows:

--- Makefile.patched	Wed Feb 20 15:57:39 2008
+++ Makefile	Wed Feb 20 16:03:13 2008
@@ -29,8 +29,8 @@
 
 CFGINPUT=	${.CURDIR}/files/sgcfg.in
 
-SQUID_UID?=	nobody
-SQUID_GID?=	nogroup
+SQUID_UID?=	squid
+SQUID_GID?=	squid
 
 DATADIR?=	/var/db/${PORTNAME}
 LOGDIR?=	/var/log
@@ -39,10 +39,10 @@
 PLIST_SUB=	DATADIR=${DATADIR}
 
 pre-fetch:
-	@if [ ${SQUID_UID} = "nobody" -o ${SQUID_GID} = "nogroup" ] ; then \
+	@if [ ${SQUID_UID} = "squid" -o ${SQUID_GID} = "squid" ] ; then \
 		${ECHO_MSG} "===>  SQUID_UID is set to \"${SQUID_UID}\" and SQUID_GID is set to \"${SQUID_GID}\"." ; \
 		${ECHO_MSG} "      To change this specify them with your make arguments, e.g." ; \
-		${ECHO_MSG} "      make SQUID_UID=squid SQUID_GID=squid" ; \
+		${ECHO_MSG} "      make SQUID_UID=nobody SQUID_GID=nogroup" ; \
 	fi
 
 post-patch:
@@ -137,7 +137,7 @@
 	@${ECHO_MSG} " "
 	@${ECHO_MSG} "==================================================================="
 	@${ECHO_MSG} "= In order to activate ${PORTNAME} you have to edit squid.conf"
-	@${ECHO_MSG} "= To the contain \"redirect_program	${PREFIX}/bin/${PORTNAME}\""
+	@${ECHO_MSG} "= To the contain \"url_rewrite_program	${PREFIX}/bin/${PORTNAME}\""
 	@${ECHO_MSG} "= and create a configuration file for ${PORTNAME}."
 	@${ECHO_MSG} "="
 	@${ECHO_MSG} "= To activate the changes do a ${PREFIX}/sbin/squid -k reconfigure"


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Feb 21 03:10:18 UTC 2008 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120923 
State-Changed-From-To: feedback->open 
State-Changed-By: lippe 
State-Changed-When: Sat Jun 21 23:31:27 UTC 2008 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120923 
State-Changed-From-To: open->closed 
State-Changed-By: edwin 
State-Changed-When: Mon Aug 18 06:58:16 UTC 2008 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120923 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/120923: commit references a PR
Date: Mon, 18 Aug 2008 06:58:25 +0000 (UTC)

 edwin       2008-08-18 06:58:12 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/squidguard       Makefile 
   Log:
   www/squidguard does not work unless its UID/GID are modified
   
           www/squigguard installs blacklist files to /var/db/squidGuard
           and the UID:GID of the installed files is set to nobody:nogroup.
           The permission for the files is 0550 or 0660. On the other
           hand, www/squid specifies squid:squid as UID:GID.
   
           As a result, squidGuard cannot handle blacklist files so
           websites that should not be accessed cannot be filtered.
   
   PR:             ports/120923
   Submitted by:   Jiro Kita <ktj@ktjdragon.com>
   Approved by:    maintainer timeout
   
   Revision  Changes    Path
   1.17      +5 -5      ports/www/squidguard/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
