On Tue, 28 Dec 2021, Erich Eckner wrote:

> Though, it seems to behave strangely, when called from host-up and host-down -
> but I still have to investigate that one further.
>
> On a side note: Would it make sense / would it be possible to expose some
> similar feature for a less-privileged user than root (which is running the
> tinc daemon on my host)?

While a bit hacky, this is possible.

I use the following in the tinc-up script:

#!/bin/sh
# allow access for haegar
chmod 640 /var/run/tinc.networkname.pid
chown root:haegar /var/run/tinc.networkname.pid
chmod 660 /var/run/tinc.networkname.socket
chown root:haegar /var/run/tinc.networkname.socket

(replace 'networkname' with the name of your network)

And then (in my case) as a user in the group haegar I can just execute

tinc -n networkname --pidfile /var/run/tinc.networkname.pid dump subnets

(in my usage I execute the tinc client from cron as a non-priv user, and generate my own graphs)

c'ya
sven-haegar

--
Three may keep a secret, if two of them are dead.
- Ben F.
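
Added example, not part of the original post and not tinc's own code: the tinc-up steps above wrapped in a function that refuses missing files and symlinks, plus a check that the pid file and control socket ended up with the intended group and no access for "other". The function names and the optional run-directory argument are hypothetical; it assumes GNU stat (Linux) and uses chgrp, so the file owner is left unchanged.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# Function names are hypothetical; file names follow the post.

# grant_tinc_control NETNAME GROUP [RUNDIR]
# Give GROUP access to the pid file and control socket, nothing to "other".
grant_tinc_control() {
    net=$1; group=$2; dir=${3:-/var/run}
    pid="$dir/tinc.$net.pid"; sock="$dir/tinc.$net.socket"
    for f in "$pid" "$sock"; do
        if [ ! -e "$f" ] || [ -L "$f" ]; then
            echo "missing or symlink, not touching: $f" >&2
            return 1
        fi
    done
    chgrp "$group" "$pid" "$sock" || return 1
    chmod 640 "$pid" || return 1
    chmod 660 "$sock" || return 1
}

# audit_tinc_control NETNAME GROUP [RUNDIR]
# Return 0 only if both files belong to GROUP and grant no access to "other".
audit_tinc_control() {
    net=$1; group=$2; dir=${3:-/var/run}; rc=0
    for f in "$dir/tinc.$net.pid" "$dir/tinc.$net.socket"; do
        mode=$(stat -c %a "$f") || return 1
        grp=$(stat -c '%G:%g' "$f") || return 1
        case "$grp" in
            "$group":*|*:"$group") ;;   # matches by group name or numeric gid
            *) echo "$f: group is $grp, expected $group" >&2; rc=1 ;;
        esac
        case "$mode" in
            *0) ;;                      # last octal digit 0: nothing for "other"
            *) echo "$f: mode $mode grants access to other" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# In tinc-up (tinc exports NETNAME to its scripts):
#   grant_tinc_control "$NETNAME" haegar && audit_tinc_control "$NETNAME" haegar
```

The audit function can also be run on its own, for example from cron, to notice when the files no longer carry the expected group and modes.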