SviMik <svi...@mail.ru> on Sat, 2016/12/10 06:06: > > You can break this with something like: > > > > status /etc/openvpn/client/status.log > > > > in your configuration. Writing a status file > > to /run/openvpn-{client,server}/status.log works, though. So the default > > setups should be fine. Do we have any more cases where openvpn wants write > > access for whatever? > > From my configuration: > 1) status
That is fine if it is written to /run/openvpn-{client,server}/. It breaks with the status file in /etc/openvpn/{client,server}/ or example. > 2) ifconfig-pool-persist That is a problem... As the name suggests this should be persistent. :-/ > 3) tmp-dir (for storing openvpn_pf_*.tmp files) Never used this. What is it for? Anyway, I think this is not persistent stuff? Writing to /tmp/ or /run/openvpn-{client,server}/ should be fine. > 4) client-connect script may want to write something My scripts do some configuration and dbus-stuff, but do not write anything... Writing to read-only path would fail, of course. > 5) a plugin may want to write something Same here... /run/ and /tmp/ is fine, other paths fail. > For me even the read-only option will break nearly *everything*. And for > user it will be completely not obvious why his scripts doesn't work, why > his status file is not updated, and what's wrong with ifconfig-pool-persist. Well, the error message should include something like: "cannot open file 'file': Read-only file system". But this is more problematic than I thought initially. -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];) putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
pgpkdE7knZNap.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel