I noticed this today and I'm astounded this reported bug from 2008 still
exists to this day. It's good decency and a good security practice for a
program to drop root privileges after they're no longer needed; I can't
understand why network manager does not enable openvpn to do this.
And no, you don't need to create another user account for this. Example of
networkmanager running openvpn (with some obfuscated details):

marvink@Desktop:~/keys/openvpn$ ps -ef | grep openvpn
root 11184 909 0 23:31 ? 00:00:00 /usr/lib/NetworkManager/nm-openvpn-service
root 11187 11184 0 23:31 ? 00:00:00 /usr/sbin/openvpn --remote {IP} --comp-lzo --nobind --dev tun --proto udp --port 1194 --auth-nocache --tls-auth {ta.key} 1 --syslog nm-openvpn --script-security 2 --up /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --up-restart --persist-key --persist-tun --management 127.0.0.1 1194 --management-query-passwords --route-noexec --ifconfig-noexec --client --ca {ca.crt} --cert {my.crt} --key {my.key}

Me running openvpn manually:

marvink@Desktop:~/keys/openvpn$ ps -ef | grep openvpn
nobody 11920 2707 0 23:47 ? 00:00:00 /usr/sbin/openvpn --config {myconfig.ovpn}

Notice the owner of the job: in NetworkManager's case it's root, and with my own
command it's 'nobody', while I used the same config file in both cases.
--
https://bugs.launchpad.net/bugs/295691
Title:
network-manager-openvpn does not allow you to make openvpn drop
privileges
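
The comparison made in the report above can be automated. This is an added example, not part of the original report and not NetworkManager or OpenVPN code: it reads `ps -ef` output and flags any openvpn process still owned by root. The function name check_openvpn_privs and the two sample_* helpers are hypothetical, and the sample lines are constructed from the listings in the report.

```shell
#!/bin/sh
# Added example: flag openvpn processes that have not dropped root.
# Reads `ps -ef` output on stdin, prints "PID UID STATUS" for every
# openvpn process, and returns 1 if any of them is owned by root.

check_openvpn_privs() {
    awk '
        BEGIN { bad = 0 }
        # ps -ef columns: UID PID PPID C STIME TTY TIME CMD...
        {
            n = split($8, parts, "/")          # basename of the executable
            if (parts[n] != "openvpn") next    # skips nm-openvpn-service, grep, header
            status = ($1 == "root" || $1 == "0") ? "ROOT" : "dropped"
            if (status == "ROOT") bad = 1
            printf "%s %s %s\n", $2, $1, status
        }
        END { exit bad }
    '
}

# Constructed sample: openvpn started by NetworkManager (arguments shortened).
sample_nm() {
cat <<'EOF'
root 11184 909 0 23:31 ? 00:00:00 /usr/lib/NetworkManager/nm-openvpn-service
root 11187 11184 0 23:31 ? 00:00:00 /usr/sbin/openvpn --remote {IP} --dev tun --client
EOF
}

# Constructed sample: openvpn started by hand with the same config file.
sample_manual() {
cat <<'EOF'
nobody 11920 2707 0 23:47 ? 00:00:00 /usr/sbin/openvpn --config {myconfig.ovpn}
marvink 11931 2707 0 23:47 pts/0 00:00:00 grep openvpn
EOF
}

# Live use: ps -ef | check_openvpn_privs
```

The check looks at the UID column rather than the command line, because a privilege drop configured inside the file passed to --config does not show up in the arguments.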