Greetings. I'm running the stock stunnel 4.21 on Ubuntu 8.04 (version and configs listed below) as a stand-alone daemon to pass connections between SSL-enabled SMTP, POP3, and IMAP clients and their respective servers, which run on the same machine as stunnel. In previous instances of Stunnel (v4.15) I've managed to successfully get the daemon to switch to a non-root user and use only a single process. I now find, however, that I get 6 processes and 5 continue to run as root with only one (albeit the one listening on the specified sockets) switching down to the specified user. Does anyone have any idea why I both can't set uid/gid and why I've now got so many processes?

# ps aux | grep stunnel
root     22702 0.0 0.1 3604 428 pts/1 S  11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     22703 0.0 0.1 3604 428 pts/1 S  11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     22704 0.0 0.1 3604 428 pts/1 S  11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     22705 0.0 0.1 3604 428 pts/1 S  11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root     22706 0.0 0.1 3604 428 pts/1 S  11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
stunnel4 22707 0.0 0.2 3720 932 ?     Ss 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

# lsof -i | grep stunnel
stunnel4 22707 stunnel4 11u IPv4 55934 TCP emily:pop3s (LISTEN)
stunnel4 22707 stunnel4 12u IPv4 55935 TCP emily:imaps (LISTEN)
stunnel4 22707 stunnel4 13u IPv4 55936 TCP emily:ssmtp (LISTEN)

I'm invoking stunnel simply as /usr/sbin/stunnel4 /etc/stunnel4/stunnel.conf:

cert = /etc/stunnel/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[pop3s]
accept = 64.5.53.172:995
connect = 64.5.53.172:110

[imaps]
accept = 64.5.53.172:993
connect = 64.5.53.172:143

[ssmtp]
accept = 64.5.53.172:465
connect = 64.5.53.172:25

Version Info:
stunnel 4.21 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
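
A check for the symptom described in this post, as an added example that is not part of the original message or of stunnel itself: it reads the global setuid option from the configuration and lists every process of the daemon binary in ps aux output that still runs as a different user. The sample inputs are the ps listing and (abridged) configuration quoted in the post; the function names are hypothetical, and user names are compared exactly as ps prints them.

```python
# Sample inputs copied from the post above (configuration abridged).
PS_SAMPLE = """\
root 22702 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22703 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22704 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22705 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22706 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
stunnel4 22707 0.0 0.2 3720 932 ? Ss 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
"""
CONF_SAMPLE = """\
cert = /etc/stunnel/stunnel.pem
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
[pop3s]
accept = 64.5.53.172:995
connect = 64.5.53.172:110
"""

def global_options(conf_text):
    """Return the options that appear before the first [service] section."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("["):             # first service section ends the globals
            break
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def privileged_leftovers(ps_text, conf_text, binary):
    """List (pid, user) for processes of `binary` not running as the setuid user."""
    expected = global_options(conf_text).get("setuid")
    if expected is None:
        raise ValueError("no global setuid option in configuration")
    leftovers = []
    for line in ps_text.splitlines():
        fields = line.split(None, 10)        # the 11th ps aux column is the command line
        if len(fields) < 11 or not fields[1].isdigit():
            continue                         # header row or unrelated text
        user, pid, command = fields[0], int(fields[1]), fields[10]
        if command.split()[0] == binary and user != expected:
            leftovers.append((pid, user))
    return leftovers

if __name__ == "__main__":
    for pid, user in privileged_leftovers(PS_SAMPLE, CONF_SAMPLE, "/usr/bin/stunnel4"):
        print(f"pid {pid} still runs as {user}")
```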