Mirror of https://github.com/OpenVPN/openvpn.git, synced 2024-09-19 19:42:30 +02:00
documentation: avoid recommending --user nobody
Recommend creating a user dedicated to openvpn so that there is no privilege escalation between different services using that user. cf. https://wiki.ubuntu.com/nobody

Trac: #1335
CC: tincantech <tincantech@protonmail.com>
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221129144731.35105-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25573.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
parent: fd1c460ccf
commit: a666482549
@ -294,7 +294,7 @@ which mode OpenVPN is configured as.
--persist-key
Don't re-read key files across :code:`SIGUSR1` or ``--ping-restart``.

This option can be combined with ``--user nobody`` to allow restarts
This option can be combined with ``--user`` to allow restarts
triggered by the :code:`SIGUSR1` signal. Normally if you drop root
privileges in OpenVPN, the daemon cannot be restarted since it will now
be unable to re-read protected key files.
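Review bot: the rewritten sentence "This option can be combined with ``--user`` to allow restarts" drops the example argument without replacing it, so the reader no longer sees that ``--user`` takes the unprivileged account as its argument; consider ``--user <user>`` (and mention ``--group``, which drops privileges the same way). The rest of the paragraph still reads correctly: ``--persist-key`` keeps the key material in memory so the daemon can restart on :code:`SIGUSR1` after it has given up the ability to re-read protected key files.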
@ -491,7 +491,7 @@ which mode OpenVPN is configured as.
able to gain control of an OpenVPN session. Though OpenVPN's security
features make this unlikely, it is provided as a second line of defense.

By setting ``user`` to :code:`nobody` or somebody similarly unprivileged,
By setting ``user`` to an unprivileged user dedicated to run openvpn,
the hostile party would be limited in what damage they could cause. Of
course once you take away privileges, you cannot return them to an
OpenVPN session. This means, for example, that if you want to reset an
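Review bot: "an unprivileged user dedicated to run openvpn" has a grammar slip on the added line; "dedicated to running OpenVPN" (or "dedicated to the OpenVPN daemon") reads correctly, and the surrounding paragraph spells the project name "OpenVPN". The security reasoning in the unchanged context, that privileges cannot be regained once dropped and so the account bounds what a hostile party can do after taking over the session, holds unchanged with the new wording.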
@ -501,5 +501,10 @@ which mode OpenVPN is configured as.
operations in order to restart (such as re-reading key files or running
``ifconfig`` on the TUN device).

NOTE: Previous versions of openvpn used :code:`nobody` as the example
unpriviledged user. It is not recommended to actually use that user
since it is usually used by other system services already. Always
create a dedicated user for openvpn.

--writepid file
Write OpenVPN's main process ID to ``file``.
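Review bot: "unpriviledged" in the added NOTE is a typo for "unprivileged". The note would also be stronger if it stated the reason the commit message gives: :code:`nobody` is shared with other system services, so a compromise of any one of them lands in the same UID and can interfere with the others, whereas a dedicated account isolates OpenVPN from that. Suggested last sentence: "Always create a dedicated user (and group) for OpenVPN", which matches the ``group openvpn`` lines in the sample configs.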
@ -58,8 +58,8 @@ resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
;user openvpn
;group openvpn

# Try to preserve some state across restarts.
persist-key
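Review bot: the comment above the new ``;user openvpn`` / ``;group openvpn`` lines still reads only "Downgrade privileges after initialization (non-Windows only)", while the server.conf hunk in this same change adds "after creating a dedicated user". OpenVPN exits with an error at startup when the named user or group does not exist, so the client sample should carry the same hint, e.g. "# Downgrade privileges after initialization (non-Windows only; create the openvpn user and group first)".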
@ -269,10 +269,10 @@ cipher AES-256-CBC
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody
# You can uncomment this on non-Windows
# systems after creating a dedicated user.
;user openvpn
;group openvpn

# The persist options will try to avoid
# accessing certain resources on restart
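Review bot: the new comment says "after creating a dedicated user", but the pair of lines also sets ``;group openvpn``, so a matching group has to exist as well or startup fails; suggest "after creating a dedicated user and group". The replacement also fixes the stray "out" in "You can uncomment this out on", good.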
@ -47,11 +47,11 @@ cipher AES-256-GCM
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# Downgrade UID and GID to an
# unpriviledged user after initialization
# for extra security.
; user nobody
; group nobody
; user openvpn
; group openvpn

# If you built OpenVPN with
# LZO compression, uncomment
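Review bot: "unpriviledged" in the added comment line is a typo for "unprivileged". This sample also gives no hint that the ``openvpn`` user and group must be created before the lines are uncommented, unlike the server.conf hunk in this change; adding "(create the user and group first)" would save users a failed start.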
@ -50,11 +50,11 @@ cipher AES-256-GCM
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# Downgrade UID and GID to an
# unpriviledged user after initialization
# for extra security.
; user nobody
; group nobody
; user openvpn
; group openvpn

# If you built OpenVPN with
# LZO compression, uncomment
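Review bot: same typo here, "unpriviledged" should be "unprivileged", and the same missing hint: the comment should say that the ``openvpn`` user and group need to exist before ``; user openvpn`` / ``; group openvpn`` are uncommented, as the server.conf sample in this change already does.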
@ -2020,7 +2020,7 @@ do_close_tun(struct context *c, bool force)
}

/* Run the down script -- note that it will run at reduced
* privilege if, for example, "--user nobody" was used. */
* privilege if, for example, "--user" was used. */
run_up_down(c->options.down_script,
c->plugins,
OPENVPN_PLUGIN_DOWN,
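Review bot: with the example value removed, "if, for example, "--user" was used" no longer introduces an example; "if "--user" or "--group" was used" would be both complete and grammatical, since ``--group`` reduces the down script's privileges in the same way. Comment-only change, no behaviour affected.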