Stunnel Service as other user
Hi Stunnel users, if I use xinetd to start a service I got the possibility to start the service with a dedicated user. For example: service fex { socket_type = stream wait = no type = unlisted protocol = tcp bind = 123.12.1.12 port = 80 cps = 10 2 * user = fex groups = yes server = /home/fex/bin/fexsrv nice = 0 disable = no } I got some kind of webserver (not apache, nginx etc) that needs to be started with xinetd (the example above). This server should get a SSL tunnel. If I use Stunnel in daemon mode (without jails/chroot) and define a service like this: [https] accept = 123.12.1.12:443 exec = /home/fex/bin/fexsrv execargs = fexsrv stunnel TIMEOUTclose = 2 Everything works fine, except that the server now runs as root. Is there a possibility to set a user for a service? Best regards Florian Götz -- Mit freundlichen Grüßen Florian Götz ----------------------------------------------------------------- Dipl.-Inf. (FH) Florian Götz Rechenzentrum Hochschule Mannheim Paul-Wittsack-Straße 10 68163 Mannheim Tel: 0621/292-6232 EMail: f.goetz@hs-mannheim.de Internet: http://www.rz.hs-mannheim.de -----
On 2013-10-24 13:30, Florian Götz wrote:
Everything works fine, except that the server now runs as root. Is there a possibility to set a user for a service? There is currently not way to configure individual users to individual services, but you can set a user/group for all the services. Just use "setuid" and "setgid" global options.
If you convince me (either with arguments or donation) that you need separate users for each section I could implement it. Mike
participants (2)
-
Florian Götz -
Michal Trojnara