From c2734315a63e744db4060b19efd9521dbb82e1c2 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Tue, 17 Aug 2021 12:34:19 -0400
Subject: [PATCH 1/2] network/tasks/squid.yml: Clarify user:group {{ proxy_user }} per #2948 discussion

---
 roles/network/tasks/squid.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml
index 4c1c76fbe..e959d43de 100644
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@@ -14,11 +14,15 @@
 state: stopped
 when: squid_installed is undefined

-- name: Create Squid user:group '{{ proxy_user }}' to own /library/cache
+# 2021-08-17: This stanza is gratuitous on most distros, where the user 'proxy'
+# or 'squid' is preinstalled (typically with UID and GID 13 in /etc/passwd) but
+# let's be sure, as distro internals / favorite distros change without warning.
+- name: Ensure Linux user:group '{{ proxy_user }}:{{ proxy_user }}' exists, to own /library/cache -- and for recent versions of /usr/lib/systemd/system/squid.service that use 'Group=proxy'
 user:
 name: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
- createhome: False
- shell: /bin/false
+ group: "{{ proxy_user }}"
+ create_home: False
+ shell: /bin/false # UNIX norm should work across all distros, overriding Debian/Ubuntu norm /usr/sbin/nologin

 # 2021-08-16: Squid runs as 'nobody' when started as root:
 # http://www.squid-cache.org/Doc/config/cache_effective_user/

From 1c4276a4c0eb36b9f1697cd4635e97bd28713d5c Mon Sep 17 00:00:00 2001
From: A Holt
Date: Tue, 17 Aug 2021 12:37:31 -0400
Subject: [PATCH 2/2] network/templates/squid/squid.conf.j2: Fix URL re: cache-dir creation

---
 roles/network/templates/squid/squid.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/network/templates/squid/squid.conf.j2 b/roles/network/templates/squid/squid.conf.j2
index 9feed126d..666a6a677 100644
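Review bot: The added `group: "{{ proxy_user }}"` makes the `user` task fail on exactly the hosts this stanza is meant to cover, because Ansible's `user` module assigns an existing primary group and does not create one. Where neither the account nor the group is preinstalled, the play would stop here instead of creating the owner of /library/cache. No task in this hunk creates the group, and the preceding task is cut off at the hunk's start, so confirm nothing earlier does it. If not, add a task before this one using the `group` module with `name: "{{ proxy_user }}"`. Setting `system: true` on both tasks would also keep this service account in the system UID/GID range when it has to be created.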
--- a/roles/network/templates/squid/squid.conf.j2 +++ b/roles/network/templates/squid/squid.conf.j2 @@ -14,7 +14,7 @@ http_access deny manager # 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z') # don't work well in recent years. So we do it manually, as explained here: -# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L41 +# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L45 # Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/ #