http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c2
Marius Tomaschewski changed:
          What|Removed                     |Added
----------------------------------------------------------------------------
        Status|NEW                         |RESOLVED
    Resolution|                            |INVALID
      Severity|Normal                      |Enhancement
--- Comment #2 from Marius Tomaschewski 2009-11-30 10:21:26 UTC ---
Yes, I'm the maintainer.
Openvpn writes the pid as root:
root@exodus:/etc/openvpn # rcopenvpn start
Starting OpenVPN [tun0]
Enter Auth Username:mt
Enter Auth Password:
done
root@exodus:/etc/openvpn # l /var/run/openvpn/
insgesamt 12
drwxr-xr-x 2 root root 4096 2009-11-30 10:46:15 ./
drwxr-xr-x 25 root root 4096 2009-11-30 10:38:36 ../
-rw-r--r-- 1 root root 6 2009-11-30 10:46:15 tun0.pid
root@exodus:/etc/openvpn # grep -E "^user|^group" tun0.conf
user openvpn
group openvpn
root@exodus:/etc/openvpn # ps ax | grep openvpn | grep -v grep
12531 ? Ss 0:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/tun0.pid --config /etc/openvpn/tun0.conf --cd /etc/openvpn
Even when there is a stale pid file because I've killed it manually,
the pid file is removed in the init script:
/etc/init.d/openvpn start
Starting OpenVPN [tun0] (removed stale pid file)
Enter Auth Username:mt
Enter Auth Password:
done
I guess you've enabled an insufficient apparmor profile for openvpn.
I was unable to reproduce it and I'll not grep messages for permission
errors -- openvpn is using exit code 1 in most cases.
We also don't ship any openvpn configuration and also do not pass any
--user or --group options via init script.
It is also simply not enough to set the --user/--group options in the
config; many other options have to be set as well. Also, it is often
required to use the "down-root" plugin to execute commands.
All this depends on the particular config/tunnel setup, the script use,
... settings provided from the server side.
Even if the initial start works in most cases, a "rcopenvpn reload" or
"rcopenvpn reopen" will fail in many cases.
There are (too) many corner cases that have to be considered when
running as non-root, that are described in the openvpn manual page.