How can I prevent reading of the stunnel.pem file by any user other than the service user running Stunnel? How can I permit access to this directory (C:\Program Files\stunnel) in Windows XP to only the Stunnel service?
1
- Are you on a domain? – Mark Henderson Jan 18 '11 at 03:56
- @Mark: Nope. No domain. – Engineer2021 Jan 18 '11 at 03:58
1 Answer
4
The safest way to do this is to create a user account specifically for the stunnel service, and then apply the permissions appropriately:

1. Start > Run > lusrmgr.msc
2. Right-click Users and choose New user...
3. Enter the user details, and generate a strong password for the account (you'll only need it for the next few minutes, so just keep it in Notepad for the time being).
4. Start > Run > services.msc
5. Right-click the stunnel service and go to Properties
6. Go to the Log On tab and check the option for This Account
7. Enter the username and password from Step 3
8. Click OK and you should get a message about the account being granted the "Logon as a service" right
9. Go to the security properties of C:\Program Files\stunnel\ and apply Full Control to the user from Step 3
10. Remove excess permissions from the folder (you might need to go to Advanced and un-check Include inheritable permissions from this object's parent)

Done!
Mark Henderson
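A check to run after the steps in the answer above, added here as an example and not part of the original answer: it confirms the service logs on as the dedicated account and reports any allow entry on the folder or on stunnel.pem that belongs to someone else. It assumes Windows PowerShell is installed (it is not present on Windows XP by default), that the service is named stunnel, and that the account is called svc_stunnel; the last two are placeholders for your own values.

```powershell
# Added example. Service name and account name are assumptions; pass your own.
param(
    [string]$Path          = 'C:\Program Files\stunnel',
    [string]$ServiceName   = 'stunnel',                        # assumed service name
    [string]$Account       = "$env:COMPUTERNAME\svc_stunnel",  # hypothetical account
    [string[]]$AlsoAllowed = @()  # e.g. 'BUILTIN\Administrators' if you chose to keep it
)

$allowed  = @($Account) + $AlsoAllowed
$problems = @()

# 1. The service must log on as the dedicated account (local accounts show as ".\name").
$svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    $problems += "Service '$ServiceName' not found"
} elseif ("$($svc.StartName)".Split('\')[-1] -ne $Account.Split('\')[-1]) {
    $problems += "Service runs as '$($svc.StartName)', expected '$Account'"
}

# 2. The folder and the key file must carry no allow ACE for anyone outside $allowed.
foreach ($item in @($Path, (Join-Path $Path 'stunnel.pem'))) {
    if (-not (Test-Path -LiteralPath $item)) {
        $problems += "Missing: ${item}"
        continue
    }
    $acl = Get-Acl -Path $item

    # The folder should no longer inherit entries from C:\Program Files.
    if ($item -eq $Path -and -not $acl.AreAccessRulesProtected) {
        $problems += "${item} still inherits permissions from its parent"
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($allowed -notcontains $id) {
            $problems += "${item}: '$id' has $($ace.FileSystemRights)"
        }
    }
}

if ($problems.Count) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: no allow entries outside $($allowed -join ', ') on $Path"
```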