發佈於 作者: t850008

squid Proxy Server & SELinux

重新安裝了之前硬碟故障的 Proxy Server,系統安裝完後,複製之前備份的設定檔後,重新啟動 Proxy Server 後,發現無法啟動 Proxy Server
# service squid start
正在啟動 squid:                                           [失敗]
2013/12/27 13:59:21| Processing Configuration File: /etc/squid/squid.conf (depth 0)
FATAL: Unable to open configuration file: /etc/squid/squid.conf: (13) Permission denied
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.009 seconds = 0.005 user + 0.004 sys
Maximum Resident Size: 22736 KB
Page faults with physical i/o: 0[@more@]檢查 /etc/squid/squid.conf 的檔案權限
# ls -l /etc/squid/squid.conf*
-rw-r—–. 1 root root 4399 2013-11-19 00:48 /etc/squid/squid.conf
-rw-r—–. 1 root squid 2510 2013-10-01 21:44 /etc/squid/squid.conf.bak

所屬群組似不同
# chown root:squid /etc/squid/squid.conf
# ls -l /etc/squid/squid.conf*
-rw-r—–. 1 root squid 4399 2013-11-19 00:48 /etc/squid/squid.conf
-rw-r—–. 1 root squid 2510 2013-10-01 21:44 /etc/squid/squid.conf.bak

但還是無法啟動
# service squid start
正在啟動 squid:                                           [失敗]
2013/12/27 13:59:21| Processing Configuration File: /etc/squid/squid.conf (depth 0)
FATAL: Unable to open configuration file: /etc/squid/squid.conf: (13) Permission denied
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.009 seconds = 0.005 user + 0.004 sys
Maximum Resident Size: 22736 KB
Page faults with physical i/o: 0

後來發現可能是 SELinux 的問題,權限不對
ls -lZ /etc/squid/squid.conf*
-rw-r—–. root squid unconfined_u:object_r:admin_home_t:s0 /etc/squid/squid.conf
-rw-r—–. root squid system_u:object_r:squid_cache_t:s0 /etc/squid/squid.conf.bak

更改成正確的屬性
# chcon -R -u system_u -t squid_conf_t /etc/squid/squid.conf

再次檢查屬性
# ls -lZ /etc/squid/squid.conf*
-rw-r—–. root squid system_u:object_r:squid_conf_t:s0 /etc/squid/squid.conf
-rw-r—–. root squid system_u:object_r:squid_conf_t:s0 /etc/squid/squid.conf.bak

原本 Squid Proxy Server Cache 目錄權限
ls -lZ /cache1/* | head
/cache1/00:
drwxr-x—. squid squid system_u:object_r:default_t:s0   00/
drwxr-x—. squid squid system_u:object_r:default_t:s0   01/
drwxr-x—. squid squid system_u:object_r:default_t:s0   02/
drwxr-x—. squid squid system_u:object_r:default_t:s0   03/
drwxr-x—. squid squid system_u:object_r:default_t:s0   04/
drwxr-x—. squid squid system_u:object_r:default_t:s0   05/
drwxr-x—. squid squid system_u:object_r:default_t:s0   06/
drwxr-x—. squid squid system_u:object_r:default_t:s0   07/
drwxr-x—. squid squid system_u:object_r:default_t:s0   08/

更改成正確的屬性
# chcon -R -u system_u -t squid_cache_t /cache1

再次檢查屬性
ls -lZ /cache1/* | head
/cache1/00:
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 00/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 01/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 02/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 03/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 04/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 05/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 06/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 07/
drwxr-x—. squid squid system_u:object_r:squid_cache_t:s0 08/

就可以正常啟動 Proxy Server 了!
# service squid start
正在啟動 squid:.                                          [  確定  ]