Qrux wrote: > HTTP link points to the homepage, not the actual download.
Upstream redirects to the home page if it can't find the file. They don't keep historical versions, so that's why we get the home page. Evidently they've upgraded from 4.46 to 4.52 since November - more than once a month. That makes it pretty hard for us to keep up. > Why does BLFS install an /etc/stunnel/stunnel.conf that has this line: > > chroot = /var/lib/stunnel > > Other services (e.g., BIND), along with LSB/FSB stating that services > should now be run in /srv. Thoughts about moving the chroot jail? Well it's pretty much up to the user. We look at /srv for data that may be served: ftp, http, svn, mailman, bind, etc. A service like stunnel seems more appropriate for /var, but that's just a personal preference. > useradd -c "Stunnel Daemon" -d /var/lib/stunnel \ > -g stunnel -s /bin/false -u 51 stunnel > > Typically, chroot daemon users get a home dir of /dev/null, which is typically *after* root chroots. From the look of things, it looks like there's a host chroot-jail of /var/lib/stunnel, and then a user stunnel that lives inside that chroot, and expects its home dir to be /var/lib/stunnel once inside the chroot. > > So...Does the daemon run as the stunnel user *BEFORE* the chroot?? That would be the only reason the stunnel user needs a home directory that's in /var/lib/stunnel of the host (and thus having an absolute path of /var/lib/stunnel/var/lib/stunnel)? If not, shouldn't that be changed to /dev/null? I don't really know the answers to your question. The home directory has been that way since stunnel was first added (7 years ago). AFAIK it works. Most other howtos I've seen use the user nobody, but that is also used by things like nfs. We've chosen to give stunnel a unique user. I doubt the home directory is used by stunnel at all. Why don't you test it with a home dir of /dev/null. If it works OK, I'll change it. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
