Hi Stunnel users,
if I use xinetd to start a service I got the possibility to start the service with a dedicated user. For example:
service fex { socket_type = stream wait = no type = unlisted protocol = tcp bind = 123.12.1.12 port = 80 cps = 10 2 * user = fex groups = yes server = /home/fex/bin/fexsrv nice = 0 disable = no }
I got some kind of webserver (not apache, nginx etc) that needs to be started with xinetd (the example above). This server should get a SSL tunnel.
If I use Stunnel in daemon mode (without jails/chroot) and define a service like this:
[https] accept = 123.12.1.12:443 exec = /home/fex/bin/fexsrv execargs = fexsrv stunnel TIMEOUTclose = 2
Everything works fine, except that the server now runs as root. Is there a possibility to set a user for a service?
Best regards Florian Götz
On 2013-10-24 13:30, Florian Götz wrote:
Everything works fine, except that the server now runs as root. Is there a possibility to set a user for a service?
There is currently not way to configure individual users to individual services, but you can set a user/group for all the services. Just use "setuid" and "setgid" global options.
If you convince me (either with arguments or donation) that you need separate users for each section I could implement it.
Mike
-
Florian Götz -
Michal Trojnara