stunnel cannot find the log file


Question:

The log file /var/log/stunnel/stunnel.log cannot be found, but the file does exist in the container and is writable/readable.


$ bash-5.0# stunnel
[ ] Clients allowed=500
[.] stunnel 5.56 on x86_64-alpine-linux-musl platform
[.] Compiled with OpenSSL 1.1.1d 10 Sep 2019
[.] Running with OpenSSL 1.1.1g 21 Apr 2020
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*__errno_location())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[ ] No PRNG seeding was required
[ ] Initializing service [fb-live]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file: /certs/cert.pem
[ ] Certificate loaded from file: /certs/cert.pem
[ ] Loading private key from file: /certs/key.pem
[ ] Private key loaded from file: /certs/key.pem
[ ] Private key check succeeded
[:] Service [fb-live] needs authentication to prevent MITM attacks
[.] Configuration successful
[ ] Binding service [fb-live]
[ ] Listening file descriptor created (FD=9)
[ ] Setting accept socket options (FD=9)
[ ] Option SO_REUSEADDR set on accept socket
[ ] Service [fb-live] (FD=9) bound to 0.0.0.0:1936
[!] Cannot open log file: /var/log/stunnel/stunnel.log
[ ] Deallocating section defaults
[ ] Unbinding service [fb-live]
[ ] Service [fb-live] closed (FD=9)
[ ] Service [fb-live] closed
[ ] Deallocating section [fb-live]

$ bash-5.0# find . -name *stunnel*
./usr/lib/stunnel
./usr/lib/stunnel/libstunnel.so
./usr/bin/stunnel3
./usr/bin/stunnel
./var/log/stunnel
./var/log/stunnel/stunnel.log
./var/lib/stunnel
./etc/stunnel
./etc/stunnel/stunnel.conf
./etc/default/stunnel
./run/stunnel

$ bash-5.0# ls /var/log/stunnel/stunnel.log -lash
 0 -rw-rw---- 1 root root 0 Oct 9 17:25 /var/log/stunnel/stunnel.log
bash-5.0# 

$ grep setuid /etc/stunnel/stunnel.conf
setuid = stunnel




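Answer 1:

The stunnel user did not have permission to read/write the file. I ended up running

$ chown -R stunnel:stunnel var/log/stunnel/stunnel.log
$ chown -R stunnel:stunnel var/run/stunnel/

This allowed stunnel to access the file and start up correctly.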
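
The check below is an added example, not part of the original answer or of stunnel itself: it reads `setuid` and `output` from a stunnel.conf and applies the owner/group/other rule to the log file, so the mismatch in the question (log owned by root:root with mode 660, `setuid = stunnel`) is reported before startup. It assumes the log path is configured with `output` and that `stat -c` (GNU or busybox) is available; the uid/gid 100/101 in the demo lines are constructed values.

```shell
#!/bin/sh
# Added example: can the account named by "setuid" write stunnel's log file?

# conf_get KEY FILE: print the value of the last "KEY = value" line in FILE.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# mode_allows_write UID GID OWNER_UID OWNER_GID OCTAL_MODE
# Classic owner/group/other rule; supplementary groups, ACLs and
# capabilities are not considered (assumption of this example).
mode_allows_write() {
    if [ "$1" -eq 0 ]; then return 0; fi           # root bypasses mode bits
    perms=$(( 0$5 ))                               # leading 0 makes it octal
    if [ "$1" -eq "$3" ]; then   mask=$(( 0200 ))  # owner write bit
    elif [ "$2" -eq "$4" ]; then mask=$(( 0020 ))  # group write bit
    else                         mask=$(( 0002 ))  # other write bit
    fi
    [ $(( perms & mask )) -ne 0 ]
}

# check_log_writable CONF: 0 = writable, 1 = not writable, 2 = cannot tell.
check_log_writable() {
    user=$(conf_get setuid "$1")
    log=$(conf_get output "$1")
    if [ -z "$user" ] || [ -z "$log" ]; then
        echo "setuid or output not set in $1" >&2; return 2
    fi
    uid=$(id -u "$user") || return 2
    gid=$(id -g "$user") || return 2
    st=$(stat -c '%u %g %a' "$log") || return 2    # GNU/busybox stat
    # $st is left unquoted on purpose: it splits into owner uid, gid, mode.
    if mode_allows_write "$uid" "$gid" $st; then
        echo "OK: $user can write $log"
    else
        echo "FAIL: $user cannot write $log (owner uid, gid, mode: $st)"
        return 1
    fi
}

# The question's case: log is root:root, mode 660. The uid/gid 100/101 for
# the stunnel account are constructed values.
mode_allows_write 100 101 0 0 660 || echo "root:root 660 log: stunnel cannot write"
mode_allows_write 100 101 100 101 660 && echo "after chown stunnel:stunnel: writable"
[ $# -eq 0 ] || check_log_writable "$1"
```

Run it with the config path as the only argument, for example inside the container before starting stunnel; changing ownership of just the log file and the run directory, as the answer does, keeps the service running as the unprivileged account.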


