Squid: The Definitive Guide - Duane Wessels [33]
init.d and rc.d
The init.d and rc.d schemes use a separate shell script to start different services. These scripts are often located in one of the following directories: /sbin/init.d, /etc/init.d, and /usr/local/etc/rc.d. The scripts usually take a single command-line argument, which is either start or stop. Some systems only use the start argument. Here's a basic script for starting Squid:
#!/bin/sh
#
# this script starts and stops Squid
case "$1" in
start)
        /usr/local/squid/sbin/squid -s
        echo -n ' Squid'
        ;;
stop)
        /usr/local/squid/sbin/squid -k shutdown
        ;;
esac
* * *
Note
Linux users may want to add commands that set the file-descriptor limits before running Squid. For example:
echo 8192 > /proc/sys/fs/file-max
ulimit -HSn 8192
* * *
To use this script, find the directory in which such scripts are stored on your system and install it there under a meaningful name similar to the others, perhaps S98squid or simply squid.sh. Be sure to test the script by rebooting your computer rather than assuming it will work.
/etc/inittab
Another scheme supported on some operating systems is the /etc/inittab file. On these systems, the init process starts and stops services based on the run level. A typical inittab entry looks like this:
sq:2345:once:/usr/local/squid/sbin/squid -s
With this entry, the init process starts Squid just once and then forgets about it. Squid makes sure it stays running as described previously. Alternatively, you can do it like this:
sq:2345:respawn:/usr/local/squid/sbin/squid -Ns
Here, since we use the respawn option, init restarts Squid if the process exits. If you use respawn, be sure to use the -N option.
After editing the inittab file, use this command to make init reread its configuration file and start Squid:
# init q
A chroot Environment
Some people like to run Squid in a chroot environment. This is a Unix feature that gives a process a new root filesystem directory. It provides an extra level of security in the event that Squid is compromised. If an attacker somehow gains access to the operating system through Squid, she can only access files under the chroot filesystem. The other system files, outside of the chroot tree, remain inaccessible.
The easiest way to run Squid in a chroot environment is by specifying the new root directory in the squid.conf file with this directive:
chroot /new/root/directory
* * *
Tip
The chroot( ) system call requires superuser privileges, so you must start Squid as root to use this feature.
* * *
The chroot environment isn't for first-time Unix users. It is a little tricky because you must replicate a number of files underneath the new root directory. For example, if the default configuration file is normally /usr/local/squid/etc/squid.conf, and you use the chroot directive, the file must be located at /new/root/directory/usr/local/squid/etc/squid.conf. You must copy all of the files under $prefix/etc, $prefix/share, and $prefix/libexec to the chroot directory. Make sure that $prefix/var and the cache directories exist and are writable under the chroot directory as well.
Chances are that your operating system requires a number of files in the chroot directory, such as /etc/resolv.conf and /dev/null. If you use an external helper program, such as a redirector (see Chapter 11) or an authenticator (see Chapter 12), you'll also need some shared libraries from /usr/lib. You can use the ldd utility to find out which shared libraries are required for a given program:
% ldd /usr/local/squid/libexec/ncsa_auth
/usr/local/squid/libexec/ncsa_auth:
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28067000)
        libm.so.2 => /usr/lib/libm.so.2 (0x28080000)
        libc.so.4 => /usr/lib/libc.so.4 (0x28098000)
You can also use the chroot command to test helpers:
# chroot /new/root/directory /usr/local/squid/libexec/ncsa_auth
/usr/libexec/ld-elf.so.1: Shared object "libcrypt.so.2" not found
For more information on chroot, see the chroot( ) manpage on your system.
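The ldd check described above can be scripted. The following is an added example, not code from the book or the Squid project: it parses ldd output in the format shown above, lists the libraries that are not yet present under the new root, and can copy them in. The function names are hypothetical, and /new/root/directory is the placeholder path used in this section.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the shared libraries a helper needs.

# Read ldd output on stdin and print the absolute library paths it names.
# Matches "name => /path (addr)" lines and bare "/path (addr)" lines
# (some systems print the runtime linker that way). The "program:" header
# line and "=> not found" entries are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\// && $2 ~ /^\(/ { print $1 }
    ' | sort -u
}

# Read paths on stdin; print those that do not exist under chroot dir $1.
missing_in_chroot() {
    root=$1
    while IFS= read -r path; do
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done
}

# Read paths on stdin; copy each into chroot dir $1 at the same location.
# cp follows symlinks, so the chroot receives the real library file.
copy_into_chroot() {
    root=$1
    while IFS= read -r path; do
        mkdir -p "$root$(dirname "$path")" && cp -p "$path" "$root$path"
    done
}

# Usage: sh thisfile /new/root/directory /usr/local/squid/libexec/ncsa_auth
# Prints the libraries the helper needs that are missing from the chroot.
if [ "$#" -eq 2 ]; then
    ldd "$2" | ldd_paths | missing_in_chroot "$1"
fi
```

Pipe the list of missing paths into copy_into_chroot with the same root to populate the tree, then rerun the chroot test shown above to confirm the helper starts.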
Stopping Squid
The safest way to shut down