author: Frank Lichtenheld 2022-11-29 15:47:31 +0100
committer: Gert Doering 2022-12-01 16:20:12 +0100
commit: a6664825494c482e0cbf50ac4a91c6a33874d7a7 (patch)
tree: 60ab6d49357cd2f260885053a26bdb051bf5ccda /doc
parent: fd1c460ccfa38ca03e40e05524e2627917c58647 (diff)
download: openvpn-a6664825494c482e0cbf50ac4a91c6a33874d7a7.zip, openvpn-a6664825494c482e0cbf50ac4a91c6a33874d7a7.tar.gz
documentation: avoid recommending --user nobody
Recommend creating a user dedicated to openvpn so that there is no privilege escalation between different services using that user. cf. https://wiki.ubuntu.com/nobody

Trac: #1335
CC: tincantech <tincantech@protonmail.com>
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221129144731.35105-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25573.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc')
-rw-r--r-- doc/man-sections/generic-options.rst | 9
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst
index 394c218..d2b226c 100644
--- a/doc/man-sections/generic-options.rst
+++ b/doc/man-sections/generic-options.rst
@@ -294,7 +294,7 @@ which mode OpenVPN is configured as.
--persist-key
Don't re-read key files across :code:`SIGUSR1` or ``--ping-restart``.
- This option can be combined with ``--user nobody`` to allow restarts
+ This option can be combined with ``--user`` to allow restarts
triggered by the :code:`SIGUSR1` signal. Normally if you drop root
privileges in OpenVPN, the daemon cannot be restarted since it will now
be unable to re-read protected key files.
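Review bot: the new wording "combined with ``--user``" on the replaced line no longer says which kind of account is meant, so a reader of this paragraph alone could take any value as fine; consider "combined with ``--user`` and an unprivileged dedicated user" so it matches the wording the later hunk introduces for ``user``.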
@@ -491,7 +491,7 @@ which mode OpenVPN is configured as.
able to gain control of an OpenVPN session. Though OpenVPN's security
features make this unlikely, it is provided as a second line of defense.
- By setting ``user`` to :code:`nobody` or somebody similarly unprivileged,
+ By setting ``user`` to an unprivileged user dedicated to run openvpn,
the hostile party would be limited in what damage they could cause. Of
course once you take away privileges, you cannot return them to an
OpenVPN session. This means, for example, that if you want to reset an
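Review bot: grammar and naming nit on the added line: "an unprivileged user dedicated to run openvpn" should read "an unprivileged user dedicated to running OpenVPN", using the capitalised product name as the surrounding context lines do ("an OpenVPN session").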
@@ -501,5 +501,10 @@ which mode OpenVPN is configured as.
operations in order to restart (such as re-reading key files or running
``ifconfig`` on the TUN device).
+ NOTE: Previous versions of openvpn used :code:`nobody` as the example
+ unpriviledged user. It is not recommended to actually use that user
+ since it is usually used by other system services already. Always
+ create a dedicated user for openvpn.
+
--writepid file
Write OpenVPN's main process ID to ``file``.
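Review bot: the added NOTE misspells "unprivileged" ("unpriviledged") and writes "openvpn" in lowercase twice where the surrounding text uses "OpenVPN"; it also states that :code:`nobody` is shared with other services but not why that matters, so consider adding the reason given in the commit message (a compromised process running as a shared account can affect every other service using it) so the recommendation is self-explanatory, and, since this is reStructuredText, consider the ``.. note::`` directive instead of a literal "NOTE:" prefix if that is what the rest of the manual uses.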