[stunnel-users] Using stunnel as a non-root user

T. S. Ferreira tsferreira at gmail.com
Thu Dec 20 20:52:47 CET 2007


I solved the problem already with the '-P /home/tsf/.../stunnel.pid'
option. The default value is '/var/run/stunnel4.pid', which is not
accessible to a regular user! BTW, this option requires an absolute path.

-- tsf


On Dec 20, 2007 10:09 AM, T. S. Ferreira <tsferreira at gmail.com> wrote:
> I have a small web application running as a regular (non root) user on
> my port 6666. I would like to make it accessible through SSL on port
> 7777.  In order to test it I used (as the same non root user) the
> following command:
>
>     stunnel -D 7 -p mypemfile.pem -d 7777 -r localhost:6666
>
> but it does not work. When I check with "ps aux | fgrep stunnel", no
> such program is running.
>
> However if I run it as root, it does work. I did not find in the
> documentation any restriction with this regard. Since my final
> application will run on a machine to whose root I do not have access,
> I would like to find a way to solve this problem.
>
> Any hint will be appreciated.
>
> -- tsf
>
> -----------------------------------------
>
> My system data are:
>
> (1) Linux/Ubuntu 7.10, kernel 2.6.22-14-generic,
>
> (2) Output of "/usr/bin/stunnel4 -version":
>
> stunnel 4.20 on i486-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>
> Global options
> debug           = 5
> pid             = /var/run/stunnel4.pid
> RNDbytes        = 64
> RNDfile         = /dev/urandom
> RNDoverwrite    = yes
>
> Service-level options
> cert            = /etc/stunnel/stunnel.pem
> ciphers         = ALL:!ADH:+RC4:@STRENGTH
> key             = /etc/stunnel/stunnel.pem
> session         = 300 seconds
> sslVersion      = SSLv3 for client, all for server
> TIMEOUTbusy     = 300 seconds
> TIMEOUTclose    = 60 seconds
> TIMEOUTconnect  = 10 seconds
> TIMEOUTidle     = 43200 seconds
> verify          = none
>
> (3) Output due to '-D 7' option:
>
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Snagged 64 random bytes
> from /home/tomasz/.rnd
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Wrote 1024 new random
> bytes to /home/tomasz/.rnd
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: RAND_status claims
> sufficient entropy for the PRNG
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: PRNG seeded successfully
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Certificate: jai_ssl.pem
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Certificate loaded
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Key file: jai_ssl.pem
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: Private key loaded
> 2007.12.20 10:00:45 LOG7[14820:3082589872]: SSL context initialized
> for service stunnel3
>
> (4)"/usr/bin/stunnel" is a Perl script whose comments say " ...
> wrapper  to use stunnel 3.x syntax in stunnel >=4.05 ..."; it is
> version 2.00 (2005.04.2).
>



-- 
T. S. Ferreira
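
An added example, not part of the original message: the same fix expressed as a native stunnel 4.x configuration file, with a pre-flight check for the pid path failure described above. The function names, the run directory layout and the service name "webapp" are assumptions; the ports are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names, paths and the
# service name "webapp" are assumptions; ports 7777/6666 come from the message.

# check_pid_path PATH
# Succeeds only if PATH is absolute and its directory exists and is writable
# by the current user, which is the condition that failed for the default
# /var/run/stunnel4.pid when stunnel was started without root.
check_pid_path() {
    case "$1" in
        /*) ;;
        *)  echo "pid path must be absolute: $1" >&2; return 1 ;;
    esac
    dir=$(dirname "$1")
    [ -d "$dir" ] && [ -w "$dir" ] || {
        echo "pid directory not writable by $(id -un): $dir" >&2; return 1; }
}

# write_user_conf RUN_DIR CERT
# Writes RUN_DIR/stunnel.conf with the pid file kept inside RUN_DIR.
write_user_conf() {
    run_dir=$1 cert=$2
    check_pid_path "$run_dir/stunnel.pid" || return 1
    # Subshell so the restrictive umask (file mode 600) does not leak out.
    ( umask 077
      cat > "$run_dir/stunnel.conf" <<EOF
pid = $run_dir/stunnel.pid
debug = 7

[webapp]
cert = $cert
accept = 7777
connect = localhost:6666
EOF
    )
}

# Typical use as the unprivileged user (directory is an assumption):
#   write_user_conf "$HOME/stunnel" "$HOME/stunnel/mypemfile.pem" &&
#       stunnel4 "$HOME/stunnel/stunnel.conf"
```

Both listening ports here are above 1023, so only the pid file location needs to move for an unprivileged start.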


