[stunnel-users] SU in exec argument

Florian Götz f.goetz at hs-mannheim.de
Thu Nov 7 09:58:25 CET 2013

Hi stunnel users,

I´m using SLES with stunnel 4.54-0.9.24, which is stored in /usr/sbin in
this distribution.
Stunnel is used with xinetd in non-daemon mode.
With stunnel in /usr/sbin, I can use stunnel only with root (I know I
can do a sudoers entry for stunnel....but let´s try it the way it was
meant by the distribution).

I wanted so use a stunnel.conf like this:

exec = /bin/su
execargs = su -l -c "/home/abc/bin/binary" abc
cert = /home/abc/certs/cert.pem
key = /home/abc/certs/cert.key
CAfile = /home/fex/certs/CA.pem
TIMEOUTclose = 2

xinetd.d/service config looks like this:

service abc
        socket_type     = stream
        wait            = no
        type            = unlisted
        protocol        = tcp
        port            = 443
        cps             = 5 10
        user            = root
        groups          = yes
        server          = /usr/sbin/stunnel
        server_args     = /home/abc/etc/stunnel.conf
        nice            = 0
        disable         = no

The "su -l ...." command works fine on a root shell, but with this
stunnel.conf it refuses to work.
Can anybody give me a hint how to resolve that problem?

Best regards
Florian Götz

Mit freundlichen Grüßen
Florian Götz


Dipl.-Inf. (FH) Florian Götz
Rechenzentrum Hochschule Mannheim
Paul-Wittsack-Straße 10    
68163 Mannheim
Tel: 0621/292-6232

EMail:     f.goetz at hs-mannheim.de
Internet:     http://www.rz.hs-mannheim.de


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4630 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20131107/c362ef9a/attachment.bin>

More information about the stunnel-users mailing list