9.1.14.3. Least Privilege

The stunnel service runs under the stunnel user and stunnel group. This allows directory permissions to limit the service’s access to files/directories not owned by the stunnel user/group. The stunnel user does not have a valid login shell.

References: AC-6 : LEAST PRIVILEGE