Don Armstrong <d...@donarmstrong.com> writes: > On Thu, 03 Oct 2019, Aaron M. Ucko wrote: >> # Run sslh as an user and use capabilities to bind ports >> User=sslh >> AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN > > So I think this is the issue; you're running it as sslh, not root, so it > can't actually drop privileges or write to its pidfile.
Ah, yes, I'd somehow missed those lines, which of course weren't a problem until /etc/default/sslh started supplying --pidfile. Thanks for maintaining sslh packages, and sorry for the noise! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
