summaryrefslogtreecommitdiff
path: root/package/squid
diff options
context:
space:
mode:
authorGustavo Zacarias <gustavo@zacarias.com.ar>2015-01-14 16:14:43 -0300
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>2015-01-14 20:31:58 +0100
commit5e001837c22c4e3074458791379bd9c5bf3fe04a (patch)
tree0aaf5f1ddd978d7f3a6329abbbb66bce0315b4de /package/squid
parent0e7733e90e18a87dd8248b3284242e8e736a4140 (diff)
squid: create a user/group
Even though squid uses nobody/nogroup it ain't good for security if every daemon around uses it, specially since squid is used as a caching proxy most of the time and that would mean other daemons/scripts run as nobody would have access to potentially sensitive information. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/squid')
-rw-r--r--package/squid/squid.mk7
1 files changed, 6 insertions, 1 deletions
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index c8d7417e5..5e2e6593a 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -39,7 +39,8 @@ SQUID_CONF_OPTS = \
--with-logdir=/var/log/squid/ \
--with-pidfile=/var/run/squid.pid \
--with-swapdir=/var/cache/squid/ \
- --enable-icap-client
+ --enable-icap-client \
+ --with-default-user=squid
# On uClibc librt needs libpthread
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS)$(BR2_TOOLCHAIN_USES_UCLIBC),yy)
@@ -60,4 +61,8 @@ endef
SQUID_POST_INSTALL_TARGET_HOOKS += SQUID_CLEANUP_TARGET
+define SQUID_USERS
+ squid -1 squid -1 * - - - Squid proxy cache
+endef
+
$(eval $(autotools-package))