[Pkg-utopia-maintainers] Bug#699573: Bug#699573: network-manager-openvpn: config export sets non-existing group

Michael Biebl biebl at debian.org
Thu Feb 21 13:53:46 UTC 2013


forcemerge 592527 699573
thanks

On 21.02.2013 14:34, Michael Biebl wrote:
> On 01.02.2013 23:37, Dominik George wrote:
>> Package: network-manager-openvpn
>> Version: 0.9.4.0-1
>> Severity: minor
>>
>> The config export option sets an invalid unprivileged group in its output. It sets:
>>
>>   user nobody
>>   group nobody
> 
> Are you sure? By default nm-openvpn uses user/group openvpn. See [1].
> Can you re-export the connection and check again?
> 
>> It should be:
>>
>>   user nobody
>>   group nogroup
> 
> As said, nm-openvpn currently uses user/group openvpn, which is wrong
> too. Given that the openvpn daemon runs as root by default in Debian,
> this should be user/group root.
> 
> Michael
> 
> 
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592527

So, I've had a quick discussion on #debian-devel about this topic:

Since the exported .conf file uses
persist-key
persist-tun

using
user nobody
group nogroup

is safe and probably the correct thing to do.
In that mode, openvpn will drop privs as soon as it has read the certs
and set up the network interfaces.

Merging those two bug reports.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
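
Added example, not part of the original message or of nm-openvpn: a check for an exported .conf that the user and group it names exist on the host and that persist-key and persist-tun accompany the privilege drop. The function names and the sample config are constructed for illustration.

```python
import grp
import pwd

# Constructed sample of an exported .conf using the directives from the thread.
SAMPLE_CONF = """\
client
dev tun
persist-key
persist-tun
user nobody
group nobody
"""

def parse_directives(text):
    """Map each directive to its argument list, skipping blank and comment lines."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def _exists(lookup, name):
    try:
        lookup(name)
        return True
    except KeyError:
        return False

def check_privilege_drop(text,
                         user_exists=lambda n: _exists(pwd.getpwnam, n),
                         group_exists=lambda n: _exists(grp.getgrnam, n)):
    """Return a list of findings; an empty list means the drop is well-formed."""
    d = parse_directives(text)
    findings = []
    for key, exists in (("user", user_exists), ("group", group_exists)):
        args = d.get(key)
        if not args:
            findings.append(f"no '{key}' directive: the {key} openvpn starts as is kept")
        elif not exists(args[0]):
            findings.append(f"{key} '{args[0]}' does not exist on this host")
    if "user" in d or "group" in d:
        for key in ("persist-key", "persist-tun"):
            if key not in d:
                findings.append(f"'{key}' missing: a restart after the drop "
                                "must redo work that needed root")
    return findings

if __name__ == "__main__":
    for finding in check_privilege_drop(SAMPLE_CONF):
        print(finding)
```

The two lookup parameters default to the host's passwd and group databases and can be replaced to check a config against another system's account list.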
