Package: openvpn
Version: 2.1.3-2
Severity: wishlist

Hi,

I may be dense, but it took me a while to understand that starting from
a working setup running as root and dropping privileges to
nobody/nogroup, I could not just replace

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

with

up /etc/openvpn/update-resolv-conf
plugin /usr/lib/openvpn/openvpn-down-root.so /etc/openvpn/update-resolv-conf

The reason the latter does not work is that the script does not get the
"down" argument passed to it, hence does nothing (see case switch in
source of script).

To get it working, you have to modify update-resolv-conf to execute the
"down" behavior by default, or to create another script
/etc/openvpn/down.sh that will call "update-resolv-conf $@ down".

I suppose my use case is fairly common and could be documented in the
/usr/share/doc/openvpn/README.down-root for example, to save time for the next
one running into the problem.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=, LC_CTYPE= (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0] 1.5.36.1           Debian configuration management sy
ii  libc6                 2.11.2-10          Embedded GNU C Library: Shared lib
ii  liblzo2-2             2.03-2             data compression library
ii  libpam0g              1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
ii  libpkcs11-helper1     1.07-1             library that simplifies the intera
ii  libssl0.9.8           0.9.8o-4squeeze4   SSL shared libraries
ii  net-tools             1.60-23            The NET-3 networking toolkit
ii  openssl-blacklist     0.5-2              list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist     0.4                list of blacklisted OpenVPN RSA sh

openvpn recommends no packages.

Versions of packages openvpn suggests:
ii  openssl                 0.9.8o-4squeeze4 Secure Socket Layer (SSL) binary a
ii  resolvconf              1.46             name server information handler

-- Configuration Files:
/etc/default/openvpn changed [not included]
/etc/openvpn/update-resolv-conf changed [not included]

-- debconf information excluded
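
The wrapper approach described in the report, as an added example that is not part of the original report or of the openvpn package. The function names and the permission checks are assumptions added here because the down-root plugin runs the script with root privileges; the path /etc/openvpn/down.sh and the "$@ down" call come from the report.

```shell
#!/bin/sh
# Hypothetical /etc/openvpn/down.sh, referenced from the OpenVPN config as:
#   plugin /usr/lib/openvpn/openvpn-down-root.so /etc/openvpn/down.sh
# It forwards its arguments to update-resolv-conf and appends "down",
# as the report suggests.

# Script to call; overridable through the environment for testing.
TARGET="${TARGET:-/etc/openvpn/update-resolv-conf}"

# Succeed only if $1 is a regular executable file that neither group nor
# others can write to. When running as root, also require root ownership.
# A symlink is rejected because find reports the link's own mode.
is_safe_target() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 0 ! -perm -020 ! -perm -002 -print 2>/dev/null)" ] \
        || return 1
    [ "$(id -u)" -ne 0 ] \
        || [ -n "$(find "$1" -maxdepth 0 -user 0 -print 2>/dev/null)" ] \
        || return 1
}

# Run the target with the original arguments followed by "down".
run_down() {
    if ! is_safe_target "$TARGET"; then
        echo "down.sh: refusing to run $TARGET (missing or unsafe permissions)" >&2
        return 1
    fi
    "$TARGET" "$@" down
}

# Act only when invoked under the name down.sh, so the file can also be
# sourced without side effects.
case "${0##*/}" in
    down.sh) run_down "$@" ;;
esac
```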


