[blfs-dev] stunnel

Qrux qrux.qed at gmail.com
Tue Feb 28 20:50:31 PST 2012


HTTP link points to the homepage, not the actual download.

* * *

Current mirror HTTP URL:

	http://mirrors.zerg.biz/stunnel/stunnel-4.52.tar.gz

Reference FTP site:

	ftp://ftp.stunnel.org/stunnel/stunnel-4.52.tar.gz

Reference checksum - sha256:

	ftp://ftp.stunnel.org/stunnel/stunnel-4.52.tar.gz.sha256
	7c78c178074e9b96331518a9c309d2e95ca9ad6e0338a96d5ab8ad47fde4347c  stunnel-4.52.tar.gz

Computed checksum - md5:

	f5e713dda0e8efa659f372832ecd0c2c stunnel-4.52.tar.gz

* * *

Why does BLFS install an /etc/stunnel/stunnel.conf that has this line:

	chroot = /var/lib/stunnel

Other services (e.g., BIND), along with LSB/FSB stating that services should now be run in /srv.  Thoughts about moving the chroot jail?

	chroot = /srv/stunnel

for consistency?  Also, the useradd seems odd:

	useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
	        -g stunnel -s /bin/false -u 51 stunnel

Typically, chroot daemon users get a home dir of /dev/null, which is typically *after* root chroots.  From the look of things, it looks like there's a host chroot-jail of /var/lib/stunnel, and then a user stunnel that lives inside that chroot, and expects its home dir to be /var/lib/stunnel once inside the chroot.

So... does the daemon run as the stunnel user *BEFORE* the chroot??  That would be the only reason the stunnel user needs a home directory that's in /var/lib/stunnel of the host (and thus having an absolute path of /var/lib/stunnel/var/lib/stunnel)?  If not, shouldn't that be changed to /dev/null?

	Q
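
Added example, not part of the original post and not BLFS or stunnel code: a shell check that reads the `chroot` setting from a stunnel.conf and the daemon user's home directory from a passwd file, then prints the host path that home would name once the chroot is in effect. The function names `jail_home` and `demo`, the sample file contents and the gid are constructed for illustration; taking the last `chroot` line is this script's own assumption.

```shell
#!/bin/sh
# Added example: compare stunnel's chroot setting with the daemon user's
# passwd home directory. All sample data below is constructed.

# jail_home CONF PASSWD USER
# Prints "<chroot dir> <passwd home> <host path of that home inside the jail>".
jail_home() {
    conf=$1 passwd=$2 user=$3

    # Uncommented "chroot = DIR" lines only; this script takes the last one.
    jail=$(sed -n 's/^[[:space:]]*chroot[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
    # Field 6 of a passwd entry is the home directory.
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd")

    [ -n "$jail" ] || { echo "no chroot set in $conf" >&2; return 1; }
    [ -n "$home" ] || { echo "user $user not found in $passwd" >&2; return 1; }

    # After chroot(2) into <jail>, an absolute path P names host path <jail>P.
    printf '%s %s %s\n' "$jail" "$home" "${jail%/}$home"
}

# Constructed sample mirroring the chroot line and useradd arguments quoted above.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '; constructed sample' \
        'chroot = /var/lib/stunnel' > "$tmp/stunnel.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'stunnel:x:51:51:Stunnel Daemon:/var/lib/stunnel:/bin/false' > "$tmp/passwd"
    jail_home "$tmp/stunnel.conf" "$tmp/passwd" stunnel
    rm -rf "$tmp"
}

demo
```

On a live system the same function can be pointed at /etc/stunnel/stunnel.conf and /etc/passwd; the third field of the output is the directory that would have to exist on the host for the passwd home to resolve after the chroot.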