Cannot Set setuid and setgid = nobody in stunnel.conf


Post by maksaraswat » 2014/12/23 18:43:44


I had multiple stunnels running in client mode with the following config:

Code:

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /etc/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle


; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

accept = IP:PORT
connect = IP:PORT

However, after applying patches last week (which updated stunnel to stunnel-4.15-2.el5.2), I cannot start stunnel with the above config. I can start stunnel now by setting setuid and setgid to root:

Code:

setuid = root
setgid = root

I want to run stunnel with setuid and setgid set to "nobody". Any suggestion to resolve this is appreciated.

System details:

Code:

rpm -qa \*-release\* 

cat /etc/redhat-release
CentOS release 5.11 (Final)

uname -rmi
2.6.18-400.1.1.el5 x86_64 x86_64

rpm -qa stunnel
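
With the workaround in the post (setuid = root, setgid = root), a daemon started as root keeps root privileges inside the chroot. As an added example, not part of the original post and not stunnel's own code, this Python sketch parses the global options of an stunnel.conf and reports when setuid/setgid are missing, do not resolve on the host, or map to ID 0; the function names and the sample config are constructed for illustration.

```python
import grp
import pwd

# Constructed sample: global options from the post with the root workaround applied.
SAMPLE_CONF = """\
chroot = /etc/stunnel/
setuid = root
setgid = root
client = yes
"""

def parse_global_options(text):
    """Return the 'key = value' options that precede the first [service] section."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):               # first service section ends the global part
            break
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and not line.startswith(";"):   # skip blank lines and ';' comments
            options[key.strip()] = value.strip()
    return options

def _resolver(getter, field):
    """Wrap pwd/grp lookups so an unknown name yields None instead of KeyError."""
    def resolve(name):
        try:
            return getattr(getter(name), field)
        except KeyError:
            return None
    return resolve

def audit_privilege_drop(options, uid_of=_resolver(pwd.getpwnam, "pw_uid"),
                         gid_of=_resolver(grp.getgrnam, "gr_gid")):
    """List findings about setuid/setgid; an empty list means a non-root drop."""
    findings = []
    for key, resolve in (("setuid", uid_of), ("setgid", gid_of)):
        name = options.get(key)
        if name is None:
            findings.append(f"{key}: not set, no privilege drop configured")
        # Assumption: an all-digit value is treated as a literal numeric ID.
        elif (ident := int(name) if name.isdigit() else resolve(name)) is None:
            findings.append(f"{key}: '{name}' does not resolve on this host")
        elif ident == 0:
            findings.append(f"{key}: '{name}' is ID 0, root privileges are kept")
    return findings

if __name__ == "__main__":
    for finding in audit_privilege_drop(parse_global_options(SAMPLE_CONF)):
        print(finding)
```

The lookups use the host's own passwd and group databases, so run it on the machine that hosts the daemon.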
