Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1142830] bug: openvpn server fails to reload with systemd
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 26 Jul 2019 13:06:14 +0000
  • Message-id: <bug-1142830-21960-mP3LRvclPD@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1142830
http://bugzilla.suse.com/show_bug.cgi?id=1142830#c6

Reinhard Max <max@xxxxxxxx> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |---     |INVALID

--- Comment #6 from Reinhard Max <max@xxxxxxxx> ---
(In reply to Jon Brightwell from comment #5)

> openvpn changes itself to nobody after initialisation. I'm wondering if a
> reload tries to open those files after it has switched to nobody.

Switching to nobody happens at startup after reading these files. This step
cannot be reversed, so reload has no other chance than trying to read those
files as nobody (or whatever user openvpn was told to switch to).

This is also documented with the --persist-key option in the openvpn manual.

I see two possible ways for you to get around this:

1. Configure openvpn to switch to a user different from nobody and make the
config and key files readable for that user. This of course comes with a
certain security risk, because an attacker that hijacks the openvpn process
might be able to read these files.

2. Use restart instead of reload when you have changed the config file.

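The reload failure described in the comment above can be checked for ahead of time. This is an added example, not part of the original message or of openvpn: it lists the files a reload would have to re-read and flags those the unprivileged user cannot open. The directive subset, the mode-bit-only check (no ACLs, no parent directories), resolving relative paths against the config's directory, and all file names are assumptions.

```python
import os, shlex, stat, tempfile

# Directives whose first argument is a file to read (illustrative subset).
FILE_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-auth", "tls-crypt", "crl-verify"}

def parse(config_path):
    """Return (drop_user, files); the config file itself is the first entry."""
    config_path = os.path.abspath(config_path)
    user, files = None, [config_path]
    base = os.path.dirname(config_path)  # assumption: relative paths resolve here
    with open(config_path) as fh:
        for line in fh:
            words = shlex.split(line, comments=True)
            if len(words) < 2:
                continue
            if words[0] == "user":
                user = words[1]
            elif words[0] in FILE_DIRECTIVES and words[1] != "[inline]":
                files.append(os.path.join(base, words[1]))
    return user, files

def readable_by(path, uid, gids=()):
    """Owner/group/other read check from the mode bits only."""
    st = os.stat(path)
    bit = (stat.S_IRUSR if st.st_uid == uid else
           stat.S_IRGRP if st.st_gid in gids else stat.S_IROTH)
    return uid == 0 or bool(st.st_mode & bit)

def unreadable_after_drop(config_path, uid, gids=()):
    """Files a reload must re-read but the dropped uid cannot open."""
    return [f for f in parse(config_path)[1] if not readable_by(f, uid, gids)]

def demo():
    """Constructed sample: 0600 config and key, world-readable CA certificate."""
    d = tempfile.mkdtemp()
    conf_body = "user nobody\nca ca.crt\nkey server.key  # private key\n"
    for name, mode, body in [("ca.crt", 0o644, "constructed\n"),
                             ("server.key", 0o600, "constructed\n"),
                             ("server.conf", 0o600, conf_body)]:
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    conf = os.path.join(d, "server.conf")
    other_uid = os.stat(conf).st_uid + 1  # stands in for the unprivileged uid
    bad = unreadable_after_drop(conf, other_uid)
    return parse(conf)[0], [os.path.basename(f) for f in bad]

if __name__ == "__main__":
    print(demo())
```

On a real host, resolve the name returned by `parse()` with `pwd.getpwnam()` and pass that uid and its group ids instead of the stand-in uid.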