nick.hoffman@altcall.com wrote:
> Stunnel runs as user:group stunnel4:stunnel4. The server reads client certs (for verify = 3) from /etc/stunnel/certs/ which is chown'd root:ssl-certs and chmod'd 750. The client PEMs in that directory have the same ownership and permissions. User stunnel4 is in the ssl-certs group.
You've configured stunnel to run in the stunnel4 group. No additional group is used - only the one specified with the setgid option. The /etc/group entry for group ssl-certs is ignored by stunnel.
Best regards,
Mike
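The access decision discussed in this exchange, modelled as an added example (not code from the thread or from stunnel itself): it applies the POSIX owner/group/other check to the certificate directory for the credentials a process holds after dropping privileges. The numeric IDs are constructed, and the function names and the `load_group_db` switch are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample IDs; real values come from /etc/passwd and /etc/group.
UIDS = {"root": 0, "stunnel4": 110}
GIDS = {"root": 0, "stunnel4": 115, "ssl-certs": 116}
GROUP_MEMBERS = {"ssl-certs": {"stunnel4"}}  # the /etc/group entry from the post

R, X = 4, 1  # permission bits within one rwx triplet


@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int
    groups: frozenset  # supplementary groups the process actually holds


def drop_to(user, group, load_group_db=False):
    """Credentials after a privilege drop to user:group.

    load_group_db=False models what the reply describes: only the setgid
    group is held. True models an initgroups()-style drop that would also
    pick up memberships listed in /etc/group.
    """
    extra = set()
    if load_group_db:
        extra = {GIDS[g] for g, members in GROUP_MEMBERS.items() if user in members}
    return Creds(UIDS[user], GIDS[group], frozenset(extra))


def allowed(creds, owner, group, mode, want):
    """POSIX class check for an unprivileged process (no ACLs, no capabilities).

    Exactly one triplet applies: owner, else group, else other.
    """
    if creds.uid == UIDS[owner]:
        bits = (mode >> 6) & 7
    elif GIDS[group] == creds.gid or GIDS[group] in creds.groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def can_read_cert_dir(creds):
    # /etc/stunnel/certs/ as described in the post: root:ssl-certs, mode 750.
    # Listing the directory and opening files in it needs read + search.
    return allowed(creds, "root", "ssl-certs", 0o750, R | X)
```

With the posted setup, `drop_to("stunnel4", "stunnel4")` falls into the "other" class and is denied; a process whose setgid group is ssl-certs falls into the group class and is allowed.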