From: Giorgos Tzampanakis on
I want to run stunnel as a daemon so my newsreader can access my
newsserver. After asking on #debian, I found that I need to tell Debian to
start the stunnel daemon during the init process, which happens before
users log in. I did that, and it works.

My question is, why does root need to enable this for all users? Isn't it
more sensible to enable on a per-user basis?
From: David W. Hodgins on
On Wed, 13 Jan 2010 19:26:43 -0500, Giorgos Tzampanakis <gt67(a)hw.ac.uk> wrote:

> I want to run stunnel as a daemon so my newsreader can access my
> newsserver. After asking on #debian, I found that I need to tell Debian to
> start the stunnel daemon during the init process, which happens before
> users log in. I did that, and it works.
>
> My question is, why does root need to enable this for all users? Isn't it
> more sensible to enable on a per-user basis?

Running stunnel as a user, under strace, will show ...

24849 bind(6, {sa_family=AF_INET, sin_port=htons(564), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)

The stunnel needs root authority to open the port for listening. I
have in /etc/rc.d/rc.local ...
/usr/bin/stunnel /etc/ssl/stunnel/stunnel.conf

$ cat /etc/ssl/stunnel/stunnel.conf
; debug=debug
foreground=no
syslog=no
compression=rle
[nntps]
client=yes
connect=news.eternal-september.org:563
accept=564

In /etc/leafnode/config, I have ..
server = localhost
port = 564

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
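
Added example, not part of either post: a small checker that reads a stunnel.conf like the one quoted above and reports, for each accept= line, whether the port falls in the privileged range that produced the EACCES in the strace, and whether the listener is bound to all interfaces. The names audit, try_bind and SAMPLE_CONF are hypothetical, the 1024 cutoff is an assumption, and only numeric ports are handled.

```python
import socket

# Constructed sample input: the stunnel.conf quoted in the post above.
SAMPLE_CONF = """\
; debug=debug
foreground=no
syslog=no
compression=rle
[nntps]
client=yes
connect=news.eternal-september.org:563
accept=564
"""

# Assumption: the traditional Unix cutoff. On Linux the effective value is the
# sysctl net.ipv4.ip_unprivileged_port_start, which defaults to 1024.
PRIVILEGED_BELOW = 1024


def audit(conf_text, cutoff=PRIVILEGED_BELOW):
    """Return one finding per accept= line (numeric ports only)."""
    findings, service = [], "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1]  # start of a service section such as [nntps]
            continue
        key, _, value = line.partition("=")
        if line.startswith(";") or key.strip().lower() != "accept":
            continue  # comment, or an option other than accept
        host, _, port = value.strip().rpartition(":")  # "564" or "host:564"
        # A bare port means all interfaces, as the 0.0.0.0 in the strace shows.
        findings.append({"service": service, "host": host or "0.0.0.0",
                         "port": int(port), "needs_root": int(port) < cutoff,
                         "all_interfaces": host in ("", "0.0.0.0", "::")})
    return findings


def try_bind(host, port):
    """Repeat the bind() from the strace; return None on success, else the error text."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return exc.strerror
    return None


if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f, "-> bind as this user:", try_bind(f["host"], f["port"]) or "ok")
```

For the quoted config this reports needs_root and all_interfaces as true for [nntps]; an accept= value with a loopback address and a port of 1024 or above reports both as false.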