squid: create a user/group

Even though squid uses nobody/nogroup it ain't good for security if
every daemon around uses it, specially since squid is used as a caching
proxy most of the time and that would mean other daemons/scripts run as
nobody would have access to potentially sensitive information.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index c8d7417e57c5c0b8081664fc894da040ab862d7a..5e2e6593a89967ab5e9b3dafc68e85efea9333ca 100644 (file)
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -39,7 +39,8 @@ SQUID_CONF_OPTS = \
        --with-logdir=/var/log/squid/ \
        --with-pidfile=/var/run/squid.pid \
        --with-swapdir=/var/cache/squid/ \
-       --enable-icap-client
+       --enable-icap-client \
+       --with-default-user=squid
 
 # On uClibc librt needs libpthread
 ifeq ($(BR2_TOOLCHAIN_HAS_THREADS)$(BR2_TOOLCHAIN_USES_UCLIBC),yy)
@@ -60,4 +61,8 @@ endef
 
 SQUID_POST_INSTALL_TARGET_HOOKS += SQUID_CLEANUP_TARGET
 
+define SQUID_USERS
+       squid -1 squid -1 * - - - Squid proxy cache
+endef
+
 $(eval $(autotools-package))