[Bug 559041] New: Bad failure mode when starting rcopenvpn as non-root
http://bugzilla.novell.com/show_bug.cgi?id=559041 http://bugzilla.novell.com/show_bug.cgi?id=559041#c0 Summary: Bad failure mode when starting rcopenvpn as non-root Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: All OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: gp@novell.com QAContact: qa@suse.de Found By: Product Management Blocker: --- When doing this as a regular user % rcopenvpn start you get Starting OpenVPN [SUSE] Enter Auth Username: ... Enter Auth Password: failed Which took me some time staring at, and retrying today, until I looked into /var/log/messages and saw the obvious: Nov 29 13:41:39 trevally openvpn[29323]: OpenVPN 2.1_rc18 x86_64-suse-linux [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 24 2009 Nov 29 13:41:44 trevally openvpn[29323]: NOTE: OpenVPN 2.1 requires '--script- security 2' or higher to call user-defined scripts or executables Nov 29 13:41:44 trevally openvpn[29323]: LZO compression initialized Nov 29 13:41:44 trevally openvpn[29323]: Open error on pid file /var/run /openvpn/SUSE.pid: Permission denied (errno=13) Nov 29 13:41:44 trevally openvpn[29323]: Exiting Can we provide a better feedback to the user, indicating it is a privilege issue? Right now the usability is really a bit tough... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c1
Gerald Pfeifer
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c2
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c3
--- Comment #3 from Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c4
--- Comment #4 from Gerald Pfeifer
guess, you've enabled an insufficient apparmor profile for openvpn. I was unable to reproduce it and I'll not grep messages for permission errors -- openvpn is using exit code 1 in most cases.
I am sorry, clearly my original description did not reflect what I had encountered and was trying to see addressed (AppArmor was not involved at all). Let me see whether a patch proposal brings the point across better. :-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c5
Gerald Pfeifer
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c6
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c7
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=559041
http://bugzilla.novell.com/show_bug.cgi?id=559041#c8
--- Comment #8 from Gerald Pfeifer
participants (1)
-
bugzilla_noreply@novell.com