I had multiple stunnels running in client mode with the following config:
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /etc/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
cert=/etc/stunnel/<cert>.pem
; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[Description]
accept = IP:PORT
connect = IP:PORT
However, after applying patches last week (which updated stunnel to stunnel-4.15-2.el5.2), I cannot start stunnel with the above config. I can now start stunnel by setting setuid and setgid to root:
setuid = root
setgid = root
System details:
rpm -qa \*-release\*
epel-release-5-4
centos-release-5-11.el5.centos
atomic-release-1.0-19.el5.art
centos-release-notes-5.11-0
cat /etc/redhat-release
CentOS release 5.11 (Final)
uname -rmi
2.6.18-400.1.1.el5 x86_64 x86_64
rpm -qa stunnel
stunnel-4.15-2.el5.2