ons 2009-02-11 klockan 14:56 +1300 skrev Amos Jeffries:
> WHY:
> * it's a security breach.
Why?
> * it's the source of many permissions annoyances.
Yes.
> * the setting is still widely recommended in online how-to's
Yes, and often for the wrong reasons.
> * current Squid-3+ are perfectly capable of pulling correct user/group
> pairs from the OS or being built with a distro preferred user other than
> 'none'.
Yes.
> HISTORY:
> If I recall correctly, the only holdback we had last time this was
> discussed was that certain setups and winbind needed it to work.
Not sure.
> That has since changed with the information about the winbind priv group
> being available to Squid.
?
> DESIRED OUTCOME:
> I'd like to obsolete it in 3.2 unless there is another compelling
> reason to keep it?
I don't see why it should be dropped.
> Failing that, I'd like to come up with a setup of parameters we can
> detect and severely restrict its usage. Makign noisy log and startup
> warnings when abused.
How is this directive abused?
If you set it to something then you don't get the benefit of multiple
group membership of the user account.
A +/- 0 from me.
Regards
Henrik
Received on Wed Feb 11 2009 - 22:12:14 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 12 2009 - 12:00:04 MST