qrux.qed at gmail.com
Tue Feb 28 20:50:31 PST 2012
HTTP link points to the homepage, not the actual download.
* * *
Current mirror HTTP URL:
Reference FTP site:
Reference checksum - sha256:
Computed checksum - md5:
* * *
Why does BLFS install an /etc/stunnel/stunnel.conf that has this line:
chroot = /var/lib/stunnel
Other services (e.g., BIND), along with LSB/FSB stating that services should now be run in /srv. Thoughts about moving the chroot jail?
chroot = /srv/stunnel
for consistency? Also, the useradd seem odd:
useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
-g stunnel -s /bin/false -u 51 stunnel
Typically, chroot daemon users get a home dir of /dev/null, which is typically *after* root chroots. From the look of things, it looks like there's a host chroot-jail of /var/lib/stunnel, and then a user stunnel that lives inside that chroot, and expects its home dir to be /var/lib/stunnel once inside the chroot.
So...Does the daemon run as the stunnel user *BEFORE* the chroot?? That would be the only reason the stunnel user needs a home directory that's in /var/lib/stunnel of the host (and thus having an absolute path of /var/lib/stunnel/var/lib/stunnel)? If not, shouldn't that be changed to /dev/null?
More information about the blfs-dev