[stunnel-users] Trouble wrapping samba SWAT...

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Mon Jun 16 21:47:58 CEST 2014


On Mon, 2014-06-16 12:53:36 +0200, Marco Gaiarin wrote:
> 
> [..]
> 
> and in /etc/stunnel/swat.conf.inetd:
> 
> 	cert = /etc/ssl/certs/LNFFVGNobel.pem
> 	key = /etc/ssl/private/LNFFVGNobel.pem
> 	CAfile = /etc/ssl/certs/LNFFVG.pem
> 
> 	service = swat
> 	exec = /usr/sbin/swat
> 	execargs = swat -P
> 
> [..]
> 
> The only thing I suppose is that for some reason stunnel4, run by root
> in inetd, then switches to an unprivileged user before running swat,
> preventing access to /var/lib/samba/secrets.tdb.

Marco,

I don't think stunnel changes the user ID without a 'setuid = '
statement in the configuration file (as it does not know which user ID
to switch to).  Are you sure swat isn't changing the user ID?  Does
it work without being wrapped by stunnel?

Ludolf

-- 

Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
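
A way to check the reply's point about the 'setuid = ' statement, as an added example that is not part of the original message or of stunnel: the function lists any `setuid` lines (and, going slightly beyond the message, `setgid` lines) in a stunnel configuration file. The helper name `stunnel_identity_opts` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list setuid/setgid options in a stunnel configuration file.
# stunnel_identity_opts is a hypothetical helper name, not part of stunnel.
# Prints "<section>:<option>=<value>" per match.
# Exit status: 0 = option found, 1 = none found, 2 = file not readable.
stunnel_identity_opts() {
    [ -r "$1" ] || return 2
    awk '
        BEGIN { section = "global"; found = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            c = substr(line, 1, 1)
            if (line == "" || c == ";" || c == "#") next   # blank or comment
            if (c == "[") {                                # [service] header
                rb = index(line, "]")
                if (rb > 0) section = substr(line, 2, rb - 2)
                next
            }
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1))         # option names compared case-insensitively
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "setuid" || key == "setgid") {
                print section ":" key "=" val
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample modelled on the inetd-style configuration quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; setuid = nobody   (commented out, must not be reported)
cert = /etc/ssl/certs/example.pem
service = swat
exec = /usr/sbin/swat
execargs = swat -P
EOF
stunnel_identity_opts "$sample" || echo "no setuid/setgid option in $sample"
rm -f "$sample"
```

Run against the real file it would be called as `stunnel_identity_opts /etc/stunnel/swat.conf.inetd`.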

