Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stunnel as non root !!
Top Forums UNIX for Advanced & Expert Users Stunnel as non root !! Post 302825219 by leghorn on Monday 24th of June 2013 01:38:45 AM
Old 06-24-2013
RedHat Stunnel as non root !!
HI

I'm trying to install stunnel as(or in) non-root user.
there are these options setuid and setgid in stunnel.conf ,that by default are "nobody". but u can change them to "user" .. to enable stunnel in non root mode
I tried doing it but no luck.

Please drop in your valuable suggestions

Thanks
 

6 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

2. UNIX for Advanced & Expert Users

stunnel will not start

am tring to start stunnel version 4.05 that come standard with Suse Enterprise 9 CD. I intend to start stunnel as a daemon, I have generate and self signed the certificate using openssl with openssl version 0.9.7d but stunnel will not start up instead I received the following error message ... (1 Reply)
Discussion started by: hassan1
1 Replies

3. SCO

Starting up stunnel on SCO Openserver 5.0.7

Hi there I have compiled a binary of stunnel for SCO Openserver 5.0.7 At the moment the binary is in /u/testroom/sbin/stunnel as root I cd to /u/testroom/sbin and start the stunnel daemon up with ./stunnel The stunnel log shows when users successfully connect or disconnect, so... (1 Reply)
Discussion started by: The_Librarian
1 Replies

4. UNIX for Advanced & Expert Users

Help with Getting Stunnel Running

OS: Sun Solaris 10 (5.10) Stunnel has been installed but when I try to run it, I get a directory permission error. Not sure what it means by 'Not owner' even though that's plain English. I have changed the chroot to a directory (var/tmp) that I'm sure all users have access to so not sure... (0 Replies)
Discussion started by: neapolitan
0 Replies

5. UNIX and Linux Applications

Update CRL in stunnel?

Hi, Does anyone know if there is a way to update CRLs in stunnel, without restarting stunnel? If I copy a new CRL to my CRLPath, it is only used for services (from config file) that hasn't been used yet. Services that has been used at least once does not care about new CRLs... (0 Replies)
Discussion started by: pelig
0 Replies

6. Solaris

Migration of system having UFS root FS with zones root to ZFS root FS

Hi All After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies

LEARN ABOUT DEBIAN

cipux_mkcertkey

CIPUX_MKCERTKEY(1p)					User Contributed Perl Documentation				       CIPUX_MKCERTKEY(1p)

NAME

       cipux_mkcertkey - simple script to generate certificate for stunnel

VERSION

       version 3.4.0.0

SYNOPSIS

	       cipux_mkcertkey

REQUIRED ARGUMENTS

       None.

ABSTRACT

       In order to add security to your XML-RPC server you should generate a certificate. This script shows a simple method to do that. You have
       to take the responsibility by yourself to make sure you understand what you do.

DESCRIPTION

       Generates a certificate and a key in /etc/cipux/stunnel.

USAGE

	cipux_mkcertkey

OPTIONS

       None.

CERTIFICATE

       Each SSL enabled XML-RPC server needs to present a valid X.509 certificate to the peer and it also needs a private key to decrypt the
       incoming data.  The easiest way to obtain a certificate and a key is to generate them with the free openssl package. You can find more
       information on certificates generation below.  The certificates must be in PEM format and must be sorted starting with the certificate to
       the highest level (root CA)

       Two things are important when generating the certificate-key pairs.(1) Because the server has no way to obtain the password from the user, the private key cannot be encrypted.  To create an unencrypted key
       add the "-nodes" option when running the req command from the openssl kit.(2) The order of contents of the .pem file is also important. It should contain the unencrypted private key first, then a signed
       certificate (not certificate request). There should be also empty lines after certificate and private key.  Plaintext certificate
       information appended on the top of generated certificate should be discarded. So the file should look like this:

		    -----BEGIN RSA PRIVATE KEY-----
		    [encoded key]
		    -----END RSA PRIVATE KEY-----
		    [empty line]
		    -----BEGIN CERTIFICATE-----
		    [encoded certificate]
		    -----END CERTIFICATE-----
		    [empty line]

       This can be stored in one file or in two files. This script stores the in to files to have the flexibility to use the certificate in other
       location. This to files will be created:

	stunnel-cert.pem
	stunnel-key.pem

DIAGNOSTICS

       TODO: write explanations to the messages.

       "Cannot find certificate configuration: %s"
       "Cannot find openssl executable: %s"
       "Directory to store certs do not exist: %s"
       "Directory to store certs is not save!..."
	    Directory to store certs is not save!
	    Should be for example:
	    drwx------ 2 root root 4096 2008-04-17 21:15 /etc/cipux/stunnel

       "Cannot execute %s"
       "Can not close %s"
       "Can not print to STDOUT!"
       "%s not known to the system!"

CONFIGURATION

       TODO.

DEPENDENCIES

       Carp CipUX File::stat Cwd POSIX Readonly Fatal English version

INCOMPATIBILITIES

       Not known.

BUGS AND LIMITATIONS

       Not known.

SEE ALSO

       See the CipUX webpage and the manual at <http://www.cipux.org> See the mailing list http://sympa.cipworx.org/wws/info/cipux-devel
       <http://sympa.cipworx.org/wws/info/cipux-devel>

AUTHOR

       Christian Kuelker  <christian.kuelker@cipworx.org>

LICENSE AND COPYRIGHT

       Copyright (C) 2008 by Christian Kuelker

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation,
       Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

perl v5.14.2							    2012-01-04						       CIPUX_MKCERTKEY(1p)
All times are GMT -4. The time now is 02:38 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy