Cannot Set setuid and setgid = nobody in stunnel.conf


Post by maksaraswat » 2014/12/23 18:43:44

Hi,

I had multiple stunnels running in client mode with the following config:

Code:

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /etc/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

cert=/etc/stunnel/<cert>.pem 

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[Description]
accept = IP:PORT
connect = IP:PORT


However, after applying patches last week (which updated stunnel to stunnel-4.15-2.el5.2), I cannot start stunnel with the above config. I can start stunnel now by setting setuid and setgid to root:

Code:

setuid = root
setgid = root

I want to run stunnel with setuid and setgid set to "nobody". Any suggestion to resolve this is appreciated.

System details:

Code:

rpm -qa \*-release\* 
epel-release-5-4
centos-release-5-11.el5.centos
atomic-release-1.0-19.el5.art
centos-release-notes-5.11-0

cat /etc/redhat-release
CentOS release 5.11 (Final)

uname -rmi
2.6.18-400.1.1.el5 x86_64 x86_64

rpm -qa stunnel
stunnel-4.15-2.el5.2

Thanks
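
An added example, not part of the original post and not stunnel's own code: a small check that reads the global options of a stunnel.conf like the one above and reports when `setuid`/`setgid` are missing, name an account the host does not have, or resolve to id 0 as in the root workaround. The function names and the sample text are constructed for illustration, and treating a purely numeric value as an id is an assumption.

```python
import grp
import pwd


def parse_global_options(conf_text):
    """Return the options that appear before the first [service] section."""
    options = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            break  # service-level configuration starts here
        key, sep, value = line.partition("=")
        if sep:
            options[key.strip().lower()] = value.strip()
    return options


def check_privilege_drop(conf_text, lookup_user=pwd.getpwnam, lookup_group=grp.getgrnam):
    """Return a list of findings about the setuid/setgid options."""
    opts = parse_global_options(conf_text)
    findings = []
    for key, lookup, field in (("setuid", lookup_user, "pw_uid"),
                               ("setgid", lookup_group, "gr_gid")):
        name = opts.get(key)
        if name is None:
            findings.append(f"{key} is not set: no privilege drop configured")
            continue
        try:
            # Assumption: a purely numeric value is an id, not a name.
            ident = int(name) if name.isdigit() else getattr(lookup(name), field)
        except KeyError:
            findings.append(f"{key} = {name}: no such account on this host")
            continue
        if ident == 0:
            findings.append(f"{key} = {name}: resolves to id 0 (root), nothing is dropped")
    return findings


# Constructed sample: global options from the post with the root workaround.
SAMPLE = """\
chroot = /etc/stunnel/
setuid = root
setgid = root
pid = /stunnel.pid
[Description]
accept = IP:PORT
"""
```

With the default lookups it consults the host's own account databases, so run `check_privilege_drop(open("/etc/stunnel/stunnel.conf").read())` on the machine where stunnel starts.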