Dante (SOCKS服务器) user.unprivileged和user.unprivileged选项会导致启动失败

Question

我试图在我的Ubuntu18.04服务器上设置Dante1.4.2，但是从Dante那里得到了一个奇怪的行为：

Jun 12 01:33:22 (1528760002.119429) danted[8854]: error: /etc/danted.conf: problem on line 93 near token "user.privileged": syntax error.  Please see the Dante manual for more information
Jun 12 01:33:22 (1528760002.121016) danted[8854]: alert: mother[1/1]: shutting down

My /etc/danted.conf如下(除注释行和空行外)：

# cat /etc/danted.conf | grep -v '^#' | grep -v '^此user.*记录声明是股票文件中未注释的行。按照Dante格式，这些关键字是正确的(参见https://www.inet.no/dante/doc/1.4.x/sockd.conf.5.html)。如果我评论user.*行，但丁就会启动，但提醒我这是不安全的配置：Jun 12 01:43:45 (1528760625.302753) danted[9445]: warning: checkconfig(): setting the unprivileged uid to 0 is not recommended for security reasons请告知是否有必要使用user.privileged和user.unprivileged，如果需要，请告知如何使用这些设置启动但丁。谢谢!
logoutput: syslog stdout /var/log/sockd.log
internal: eth0 port = 1080
external: <server's real IP>
socksmethod: pam.username
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
    pam.servicename: sockd
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
}
user.privileged: proxy
user.unprivileged: nobody

此user.*记录声明是股票文件中未注释的行。按照Dante格式，这些关键字是正确的(参见https://www.inet.no/dante/doc/1.4.x/sockd.conf.5.html)。

如果我评论user.*行，但丁就会启动，但提醒我这是不安全的配置：

A5

请告知是否有必要使用user.privileged和user.unprivileged，如果需要，请告知如何使用这些设置启动但丁。

谢谢!

Answer 1

解决方案是以以下方式更改行的配置顺序：

# cat danted.conf | grep -v '^#' | grep -v ^$
logoutput: syslog stdout /var/log/sockd.log
internal: eth0 port = 1080
external: <server's real IP>
socksmethod: pam.username
user.privileged: root
user.unprivileged : nobody
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
    pam.servicename: sockd
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
}