Closed GoogleCodeExporter closed 9 years ago
I think you misunderstand the meaning of the "user" option in a config file. It specifies a username which will be associated with the OpenVPN process, and has nothing to do with authentication.
============================
From the OpenVPN 2.1 Manual, http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html
--user user
Change the user ID of the OpenVPN process to user after initialization, dropping privileges in the process. This option is useful to protect the system in the event that some hostile party was able to gain control of an OpenVPN session. Though OpenVPN's security features make this unlikely, it is provided as a second line of defense.
By setting user to nobody or somebody similarly unprivileged, the hostile party would be limited in what damage they could cause. Of course once you take away privileges, you cannot return them to an OpenVPN session. This means, for example, that if you want to reset an OpenVPN daemon with a SIGUSR1 signal (for example in response to a DHCP reset), you should make use of one or more of the --persist options to ensure that OpenVPN doesn't need to execute any privileged operations in order to restart (such as re-reading key files or running ifconfig on the TUN device).
--group group
Similar to the --user option, this option changes the group ID of the OpenVPN process to group after initialization.
Original comment by jkbull...@gmail.com on 30 Aug 2009 at 3:59
Original issue reported on code.google.com by jpeterss...@gtempaccount.com on 29 Jan 2009 at 3:56
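Added example (not part of the original comment and not OpenVPN project code): a small Python check for the interplay the quoted manual text describes. It flags a config that drops privileges with `user` but lacks the `persist-key`/`persist-tun` options that a SIGUSR1 restart then depends on. The function names, finding codes and sample configs are constructed for illustration.

```python
def parse_directives(text):
    """Map each directive name to its argument list (last occurrence wins)."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        tokens = raw.split()
        # A token starting with '#' or ';' begins a comment.
        for i, tok in enumerate(tokens):
            if tok[0] in "#;":
                tokens = tokens[:i]
                break
        if not tokens:
            continue
        if tokens[0].startswith("</"):
            in_block = False
        elif tokens[0].startswith("<"):
            in_block = True   # inline <ca>/<key> material, not directives
        elif not in_block:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives


def audit_privilege_drop(text):
    """Return finding codes for the user/group/persist-* interplay."""
    d = parse_directives(text)
    findings = []
    user = (d.get("user") or [None])[0]
    group = (d.get("group") or [None])[0]
    if user is None:
        findings.append("no-user")          # process keeps its startup privileges
    elif user == "root":
        findings.append("user-is-root")     # nothing is actually dropped
    if group is None:
        findings.append("no-group")
    if user not in (None, "root"):
        # After the drop, a SIGUSR1 restart cannot redo privileged steps.
        if "persist-key" not in d:
            findings.append("missing-persist-key")   # would re-read key files
        if "persist-tun" not in d:
            findings.append("missing-persist-tun")   # would re-run ifconfig on TUN
    return findings


# Constructed sample configs (hostnames are placeholders).
HARDENED = "client\ndev tun\nremote vpn.example.net 1194\n" \
           "user nobody\ngroup nobody\npersist-key\npersist-tun\n"
WEAK = "client\ndev tun\nremote vpn.example.net 1194\n" \
       "user nobody   # drops the uid only\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_privilege_drop(cfg) or "ok")
```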