stunnel4 user + permissions

Hey guys, I've been using stunnel for a while and it's great. I've noticed something that doesn't make much sense to me though, so I was wondering if you might be able to shed some light. Stunnel runs as user:group stunnel4:stunnel4. The server reads client certs (for verify = 3) from /etc/stunnel/certs/ which is chown'd root:ssl-certs and chmod'd 750. The client PEMs in that directory have the same ownership and permissions. User stunnel4 is in the ssl-certs group. When a client connects, the server is unable to read from /etc/stunnel/certs/. If I change the ownership of the directory to root:stunnel4 though, everything works. Any idea why this occurs? Cheers, Nick

<nick.hoffman@altcall.com> wrote:
Stunnel runs as user:group stunnel4:stunnel4. The server reads client certs (for verify = 3) from /etc/stunnel/certs/ which is chown'd root:ssl-certs and chmod'd 750. The client PEMs in that directory have the same ownership and permissions. User stunnel4 is in the ssl-certs group.
You've configured stunnel to run in the stunnel4 group. No additional group is used, only the one specified with the setgid option. The /etc/group entry for the ssl-certs group is ignored by stunnel.

Best regards,
Mike
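To see why the directory ownership matters, here is an added example (not stunnel project code) that emulates the kernel's permission check with the group set a daemon holds after setgid() alone versus after initgroups(); the uid/gid numbers and the /proc status excerpts are constructed for the illustration.

```python
"""Emulate the Unix permission check for the stunnel4 case above.

A daemon that drops privileges with setgid()/setuid() alone keeps a single
group; supplementary groups from /etc/group are attached only when the
daemon also calls initgroups()/setgroups(), which the reply above says
stunnel does not do for the setgid option.
"""
import stat

# Constructed uid/gid numbers for the example (not real system values).
ROOT, STUNNEL4, SSL_CERTS = 0, 115, 116


def unix_allows(uid, gid, groups, owner, group, mode, want=stat.S_IRUSR):
    """Classic Unix DAC check: owner bits, else group bits, else other bits.
    `groups` is the set of supplementary gids the process holds;
    `want` is the permission bit expressed in the owner position."""
    if uid == ROOT:
        return True
    if uid == owner:
        return bool(mode & want)
    if gid == group or group in groups:
        return bool(mode & (want >> 3))
    return bool(mode & (want >> 6))


def groups_from_proc_status(text):
    """Parse the 'Groups:' line of /proc/<pid>/status, which shows the
    supplementary groups a running daemon really holds."""
    for line in text.splitlines():
        if line.startswith("Groups:"):
            return {int(g) for g in line.split()[1:]}
    return set()


def can_traverse_certs_dir(groups, dir_group):
    """Can the stunnel4 process enter /etc/stunnel/certs/ (root:<dir_group>, 0750)?"""
    return unix_allows(STUNNEL4, STUNNEL4, groups, ROOT, dir_group, 0o750, stat.S_IXUSR)


# Constructed /proc/<pid>/status excerpt for a daemon that only called setgid().
SETGID_ONLY = "Name:\tstunnel4\nGid:\t115\t115\t115\t115\nGroups:\t\n"
# Constructed excerpt for the same daemon if it had called initgroups() first.
WITH_INITGROUPS = "Name:\tstunnel4\nGid:\t115\t115\t115\t115\nGroups:\t115 116\n"

if __name__ == "__main__":
    for label, status in (("setgid only", SETGID_ONLY), ("initgroups", WITH_INITGROUPS)):
        g = groups_from_proc_status(status)
        print(f"{label}: root:ssl-certs -> {can_traverse_certs_dir(g, SSL_CERTS)}, "
              f"root:stunnel4 -> {can_traverse_certs_dir(g, STUNNEL4)}")
```

On a live system, `grep Groups /proc/$(pidof stunnel4)/status` shows the real supplementary group set and is the quickest way to confirm the diagnosis.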
participants (2)
- Michal Trojnara
- nick.hoffman@altcall.com