我正在尝试在我的 Ubuntu 18.04 服务器上设置 Dante 1.4.2,但是 Dante 出现了奇怪的行为:
Jun 12 01:33:22 (1528760002.119429) danted[8854]: error: /etc/danted.conf: problem on line 93 near token "user.privileged": syntax error. Please see the Dante manual for more information
Jun 12 01:33:22 (1528760002.121016) danted[8854]: alert: mother[1/1]: shutting down
我的 /etc/danted.conf 如下所示(除了注释和空行):
# cat /etc/danted.conf | grep -v '^#' | grep -v '^$'
logoutput: syslog stdout /var/log/sockd.log
internal: eth0 port = 1080
external: <server's real IP>
socksmethod: pam.username
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
pam.servicename: sockd
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
user.privileged: proxy
user.unprivileged: nobody
此记录声明user.*是库存文件中未注释的行。根据 Dante 配置格式,这些关键字是正确的(请参阅https://www.inet.no/dante/doc/1.4.x/sockd.conf.5.html)。
如果我注释掉user.*几行,Dante 就会启动但会提醒我这不是安全的配置:
Jun 12 01:43:45 (1528760625.302753) danted[9445]: warning: checkconfig(): setting the unprivileged uid to 0 is not recommended for security reasons
请告知是否user.privileged有user.unprivileged必要,如果有必要,如何使用这些设置启动 Dante。
谢谢!
答案1
解决方案是按照以下方式更改配置中的行顺序:
# cat danted.conf | grep -v '^#' | grep -v ^$
logoutput: syslog stdout /var/log/sockd.log
internal: eth0 port = 1080
external: <server's real IP>
socksmethod: pam.username
user.privileged: root
user.unprivileged : nobody
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
pam.servicename: sockd
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}