# Squid external_acl_type Cannot run process



## alexrezistorman (Nov 12, 2013)

I want to restrict uploading for a group of users via Squid. So I've chosen to use external_acl_type but after a reload of Squid it returns an error.


```
WARNING: Cannot run '/usr/local/etc/squid/lists/newupload.sh' process.
```

Permissions of newupload.sh and Squid are the same. newupload.sh is executable.

How can I solve this problem? Thnx Thanks in advance.

newupload.sh


```
#!/bin/sh
while read line; do
    set -- $line
    length=$1
    limit=$2
    if [ -z "$length" ] || [ "$length" -le "$2" ]; then
      echo OK
    else
      echo ERR
    fi
done
```

Strings from squid.conf:


```
external_acl_type request_body protocol=2.5 %{Content-Lenght} /usr/local/etc/squid/lists/newupload.sh
acl request_max_size external request_body 5000
http_access allow users request_max_size
```
Squid version

```
squid -v
Squid Cache: Version 3.2.13
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--enable-auth-basic=PAM' '--disable-auth-digest' '--enable-external-acl-helpers= kerberos_ldap_group' '--enable-auth-negotiate=kerberos' '--disable-auth-ntlm' '--without-pthreads' '--enable-storeio=diskd ufs' '--enable-disk-io=AIO Blocking DiskDaemon IpcIo Mmapped' '--enable-log-daemon-helpers=file' '--disable-url-rewrite-helpers' '--disable-ipv6' '--disable-snmp' '--disable-htcp' '--disable-forw-via-db' '--disable-cache-digests' '--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups' '--disable-eui' '--disable-ipfw-transparent' '--disable-pf-transparent' '--disable-ipf-transparent' '--disable-follow-x-forwarded-for' '--disable-ecap' '--disable-icap-client' '--disable-esi' '--enable-kqueue' '--with-large-files' '--enable-cachemgr-hostname=proxy.adir.vbr.ua' '--with-filedescriptors=131072' '--disable-auto-locale' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.3' 'build_alias=amd64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -frename-registers -fweb -fforce-addr -fmerge-all-constants -maccumulate-outgoing-args -pipe -march=core2 -I/usr/local/include -DLDAP_DEPRECATED' 'LDFLAGS= -L/usr/local/lib' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -frename-registers -fweb -fforce-addr -fmerge-all-constants -maccumulate-outgoing-args -pipe -march=core2 -I/usr/local/include -DLDAP_DEPRECATED' 'CPP=cpp' --enable-ltdl-convenience
```
Related post:
http://squid-web-proxy-cache.101909...x-size-with-squid-2-5-STABLE12-td1022653.html


----------



## dalecosp (Nov 21, 2013)

alexrezistorman said:
			
		

> Permissions of newupload.sh and Squid are the same.



But Squid runs a master process as root, and the worker processes have a lower permission level. The worker is the one complaining.


----------

