Honestly, you don't want to be using intercepting squid. Use explicit squid, put the config on the devices. Use an iptables rule to block 80 and 443 out of your network. Anyone who doesn't set up the proxy doesn't get any web...
I'd turn off caching you're looking just for monitor and policy control, caching isn't that useful esp on a flash filesystem.
Thanks @dlakelan. Now that I think about your comment here, I think I agree. So perhaps the guidance I see for setting up squid in OpenWRT here is not the best plan? That's where the redirect rule came from.
After searching the web, I see thousands of squid configuration guides (many of which are clearly not intended for routers). Can you suggest one or two squid getting started resources for me to use in place of the link I used above? That would be a big help to me.
I removed the redirect rule from my firewall that the link above suggested, and can now access my LuCI interface again, so at least I know what caused that problem.
Actually, since I'm using squid to implement monitoring (to start with) and access control (probably later), I think I will also want squid's caching features. I think that speeding up connections by caching can only be a good idea for me (even though it's not one of my original goals). The USB drive I'm using is actually a USB 3.0 spinning magnetic disk (not a USB thumb or flash drive), so I don't think I need to worry about damaging the flash drive hardware by having squid do too many rewrites in too short a time.
I guess the permission problem (after I run squid -z) was because squid was trying to do something that only root had permission to do (like you said, creating the /tmp/squid/cache directory), but the man page says that squid -z "Create swap directories". How many swap directories under /tmp/squid will squid need to create? And does it create new ones as it's running over weeks and months? Sorry, I'm brand new to squid.
Many Unix-like systems use "init scripts" to start and stop the various background ("daemon") processes. In OpenWrt, they are typically in /etc/init.d/. Since I don't have squid installed on my system, I looked at the package source, where the file that you would see as /etc/init.d/squid is called squid.init.
The "magic line" I was looking for was a guess, based on how things are often done.
mkdir # make a new directory
-p # including the path to the directory, if it doesn't already exist
/tmp/squid/cache # with the directory called this
2> # take any "error" output (such as "directory already exists") and send it to
/dev/null # the "bitbucket" - /dev/null is a special "file" that discards everything written to it
Well the web has moved on to encrypted SSL everywhere so almost nothing gets cached... It's great for something like Debian packages that are still served by http and are large and you might want to install on multiple computers, but for everyday surfing it has very little effect, particularly since browsers do their own caching.
But hey, if it's on a spinning disk, it's not going to hurt...
Have you tried the luci-app-squid package to get started using a GUI? I haven't used it myself but it might help here
As an intensive user (and modder) of squid, not only on openwrt, I suggest first to do the intended setup on real LINUX, for the purpose of learning and to avoid the interference of LuCi and uci.
BTW: On openwrt, I completely bypass Luci/uci, too, for optimized, non-trivial configuration.