squid starts as root, but runs as the proxy user, or rather it changes
its uid to that after starting (cache_effective_user).
So I'm not sure is max_filedesc is effective before or after the chuid.
I'll report back if I get the descriptor warning again.
Thanks,
Sean
On 6 December 2011 10:59, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 6/12/2011 7:54 p.m., Sean Boran wrote:
>>
>> Hi,
>>
>> On squid proxy using the stock Ubuntu squid packages, the file
>> descriptors need to be increased.
>>
>> I found two suggestions:
>>
>> http://chrischan.blog-city.com/ubuntu_804_lts_increasing_squid_file_descriptors.htm
>> but ulimit -n was still 1024 after rebooting.
>> (and it also talks about recompiling squid with
>> --with-filedescriptors=8192, but Id prefer to keep the stock ubuntu
>> package if possible).
>>
>> This link:
>>
>> http://www.cyberciti.biz/faq/squid-proxy-server-running-out-filedescriptors/
>> suggests alternative settings in /etc/security/limits.conf
>> but "ulimit -a | grep 'open files'" still says 1024
>>
>> There was also a suggestion found to set a value in
>> /proc/sys/fs/file-max, but the current value was already 392877
>>
>> Finally, the second article suggests (for red hat) just setting
>> max_filedesc 4096
>> in squid.conf
>> and this actually works, i.e.
>> "squidclient -p 80 mgr:info | grep 'file descri'"
>> reports 4096
>>
>> So my question: is the squid.conf sufficient? How is the squid setting
>> related to ulimit, if at all?
>
>
> They are related. ulimit sets the OS limits squid can use,
> max_filedescriptors (with its alias for RHEL) sets how many Squid tries to
> use.
> When Squid is run as root or with the right libcap security privileges it
> should not need the ulimit, but if in doubt it wont hurt.
>
> Amos
Received on Tue Dec 06 2011 - 13:52:16 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 06 2011 - 12:00:03 MST