Re: [Openvpn-devel] Linux: Use /tmp for log problem ? (solved)

2016-09-22 Thread David Sommerseth

On 22/09/16 16:06, debbie10t wrote:
> Hi,
> 
> 
> On 22/09/16 14:40, Jan Just Keijser wrote:
>> Hi,
>> 
>> On 22/09/16 15:07, debbie10t wrote:
>>> Hi
>>> 
>>> posting in devel because I am asking for clarification of what
>>> the source code really does.
>>> 
>>> Re: https://forums.openvpn.net/viewtopic.php?f=30=22485
>>> 
>>> Config: |--- server *normal stuff* log-append /tmp/openvpn.log 
>>> ---
>>> 
>>> I have just tried with Ubuntu1604 myself and observe that: (My
>>> basic config I added: --log /tmp/client1.log)
>>> 
>>> 1. $ sudo systemctl start openvpn@client1 = log file *not*
>>> created 2. $ sudo openvpn client1.conf = log file created
>>> normally in /tmp
>>> 
>>> Obviously, systemctl start openvpn@client1 appends more options
>>> when starting openvpn (in my hand written service the only
>>> addition is --daemon client1) So I presume that by daemonizing
>>> something changes with regard to writing the log file to /tmp
>>> ??
>>> 
>>> Also note, in the forum post --daemon is used within the config
>>> file.
>>> 
>>> I did grep -E "/tmp" src/openvpn/* and found some code in
>>> init.c (line 664) but it's all C, foo, bar to me (Sea food bar
>>> ;-) )
>>> 
>>> Anyhoo, can anybody provide a brief and simple explanation ?
>>> 
>>> Many thanks
>> most likely this , from 'man systemd.exec'
>> 
>> PrivateTmp= Takes a boolean argument. If true, sets up a new file
>>  system namespace for the executed processes and mounts private
>> /tmp and /var/tmp directories inside it, that are not shared by
>> processes outside of the namespace. This is useful to secure
>> access to temporary files of the process, but makes sharing
>> between processes via /tmp or /var/tmp impossible. All temporary
>>  data created by service will be removed after service is
>> stopped. Defaults to false.
>> 
>> 
>> thus, the output *is* logged to /tmp/openvpn.log but the problem
>> is that it's not in the /tmp you'd expect. There's nothing
> >> OpenVPN can do about this, it's one of those weird idiosyncrasies
>> of systemd.
>> 
>> HTH,
>> 
>> JJK
>> 
>> 
> Thanks JJK, this was *exactly* the problem .. I removed
> PrivateTmp=True from the unit file, (which I had overlooked) 
> systemctl daemon-reload and systemctl start openvpn@client1 and the
> file appeared at /tmp/client1.log

Please do note that PrivateTmp is considered *security hardening*.
So removing this feature is actually not making things better.  It is
generally far better to put log files where they belong, into /var/log.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc


--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
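The thread boils down to a mismatch between two files: the unit says PrivateTmp=true, the OpenVPN config says --log-append /tmp/... . The following lint is an added example, not code from the OpenVPN project or from anyone in this thread. It assumes the OpenVPN config-file syntax (one option per line, optional leading "--", "#" or ";" comments), systemd's boolean spellings for PrivateTmp= with last-assignment-wins across drop-ins, and the fact that systemd backs a private /tmp with a host directory under /tmp/systemd-private-*/tmp. The sample unit and configs in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenVPN or systemd project code.
# Lints an OpenVPN config against the systemd unit that starts it for the
# trap in this thread: with PrivateTmp=true the unit gets its own /tmp and
# /var/tmp, so a --log/--log-append/--status file placed there is written
# to the service's private mount, invisible in the host's /tmp, and is
# removed when the service stops.

# unit_private_tmp UNITFILE [DROPIN...]
# Prints "true" or "false". Mirrors systemd's parsing closely enough for a
# lint: the last PrivateTmp= assignment wins (drop-ins are read after the
# unit), an empty value resets to the default (false), and the spellings
# 1/yes/true/on and 0/no/false/off are accepted.
unit_private_tmp() {
    awk '
        BEGIN { val = "false" }
        /^[ \t]*PrivateTmp[ \t]*=/ {
            v = tolower($0)
            sub(/^[ \t]*privatetmp[ \t]*=[ \t]*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            if (v ~ /^(1|yes|true|on)$/)                  val = "true"
            else if (v == "" || v ~ /^(0|no|false|off)$/) val = "false"
        }
        END { print val }
    ' "$@"
}

# config_tmp_paths CONFFILE
# Prints every OpenVPN option that writes a file under /tmp or /var/tmp,
# after stripping "#"/";" comments and an optional leading "--".
config_tmp_paths() {
    awk '
        { sub(/[#;].*$/, ""); sub(/^[ \t]+/, ""); sub(/^--/, "") }
        NF < 2 { next }
        $1 ~ /^(log|log-append|status|writepid|ifconfig-pool-persist)$/ &&
        $2 ~ "^/(var/)?tmp(/|$)" { print FILENAME ":" NR ": " $0 }
    ' "$1"
}

# check_private_tmp_conflict CONFFILE UNITFILE [DROPIN...]
# Exit status: 0 nothing under /tmp; 1 conflict with PrivateTmp=true;
# 2 files under /tmp without PrivateTmp (still the wrong place for logs);
# 3 config not readable.
check_private_tmp_conflict() {
    conf=$1; shift
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    hits=$(config_tmp_paths "$conf")
    if [ -z "$hits" ]; then
        echo "OK: $conf writes nothing under /tmp or /var/tmp"
        return 0
    fi
    if [ "$(unit_private_tmp "$@")" = true ]; then
        echo "CONFLICT: unit sets PrivateTmp=true, so these land in the"
        echo "service's private /tmp (host path /tmp/systemd-private-*/tmp),"
        echo "not in the /tmp you will look in:"
        printf '%s\n' "$hits"
        return 1
    fi
    echo "WARNING: writing under a world-writable /tmp that is often"
    echo "cleared at boot; keep PrivateTmp=true and move these to /var/log:"
    printf '%s\n' "$hits"
    return 2
}

# show_service_private_tmp UNIT   (needs root and a running unit)
# Lists the service's private /tmp through its main PID's root, so a log
# written to /tmp inside the namespace can still be read from the host.
show_service_private_tmp() {
    pid=$(systemctl show -p MainPID "$1" | cut -d= -f2)
    [ "${pid:-0}" -gt 0 ] || { echo "$1 is not running" >&2; return 1; }
    ls -l "/proc/$pid/root/tmp"
}

# demo: constructed sample unit and configs, modelled on the thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/openvpn@.service" <<'EOF'
[Service]
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --config /etc/openvpn/%i.conf
EOF
    printf 'client\nlog-append /tmp/client1.log   # as in the thread\n' > "$d/client1.conf"
    printf 'client\nlog-append /var/log/openvpn/client1.log\n' > "$d/fixed.conf"
    check_private_tmp_conflict "$d/client1.conf" "$d/openvpn@.service" || echo "  -> exit status $?"
    check_private_tmp_conflict "$d/fixed.conf"   "$d/openvpn@.service" || echo "  -> exit status $?"
    rm -rf "$d"
}
case "${1:-}" in demo) demo ;; esac
```

Run it as `sh lint.sh demo` to see the conflict reported for the /tmp log and a clean result for the /var/log one, or point check_private_tmp_conflict at a real config plus the unit and its drop-ins (`systemctl cat openvpn@client1` lists them). On a live host, show_service_private_tmp openvpn@client1.service, as root, shows where the "missing" log actually went without touching PrivateTmp.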


Re: [Openvpn-devel] Linux: Use /tmp for log problem ? (solved)

2016-09-22 Thread debbie10t
Hi,


On 22/09/16 14:40, Jan Just Keijser wrote:
> Hi,
>
> On 22/09/16 15:07, debbie10t wrote:
>> Hi
>>
>> posting in devel because I am asking for clarification of
>> what the source code really does.
>>
>> Re: https://forums.openvpn.net/viewtopic.php?f=30=22485
>>
>> Config:
>> |---
>> server *normal stuff*
>> log-append /tmp/openvpn.log
>> ---
>>
>> I have just tried with Ubuntu1604 myself and observe that:
>> (My basic config I added: --log /tmp/client1.log)
>>
>> 1. $ sudo systemctl start openvpn@client1 = log file *not* created
>> 2. $ sudo openvpn client1.conf = log file created normally in /tmp
>>
>> Obviously, systemctl start openvpn@client1 appends more options when
>> starting openvpn (in my hand written service the only addition is
>> --daemon client1) So I presume that by daemonizing something changes
>> with regard to writing the log file to /tmp ??
>>
>> Also note, in the forum post --daemon is used within the config file.
>>
>> I did grep -E "/tmp" src/openvpn/* and found some code in init.c
>> (line 664) but it's all C, foo, bar to me (Sea food bar ;-) )
>>
>> Anyhoo, can anybody provide a brief and simple explanation ?
>>
>> Many thanks
> most likely this , from 'man systemd.exec'
>
>PrivateTmp=
>Takes a boolean argument. If true, sets up a new file 
> system namespace for the executed processes and
>mounts private /tmp and /var/tmp directories inside it, 
> that are not shared by processes outside of the
>namespace. This is useful to secure access to temporary 
> files of the process, but makes sharing between
>processes via /tmp or /var/tmp impossible. All temporary 
> data created by service will be removed after
>service is stopped. Defaults to false.
>
>
> thus, the output *is* logged to /tmp/openvpn.log but the problem is 
> that it's not in the /tmp you'd expect.
> There's nothing OpenVPN can do about this, it's one of those weird 
> idiosyncrasies of systemd.
>
> HTH,
>
> JJK
>
>
Thanks JJK, this was *exactly* the problem ..
I removed PrivateTmp=True from the unit file, (which I had overlooked)
systemctl daemon-reload and systemctl start openvpn@client1
and the file appeared at /tmp/client1.log

(also thanks to samuli for looking)
Many thanks

