[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] access tun/tap device without admin privileges on Linux


  • Subject: Re: [Openvpn-users] access tun/tap device without admin privileges on Linux
  • From: "Oliver Schinagl" <oliver@xxxxxxxxxxx>
  • Date: Thu, 28 Jun 2007 21:46:54 +0200 (CEST)
  • Importance: Normal

        As far I can tell, running openvpn without root privileges is
pretty much impossible. As stated earlier, if it's not the tap/tun device,
it's setting up the routing tables (openvpn needs to setup routes to be
usefull) or bridging devices. All these actions
require root privileges. Even if you could have openvpn do
EVERYthing, and give it suid bit, you still need to set that bit
as root?

 afaik you can't tar the binary with the 'proper' permissions and then
simply untar it suid root, if you could, that would bring interesting ways
to get into boxen :)

 So basically, you can't. It's not possible.

 Xavier Grehant schreef:    But editing the sudoers file requires admin
privileges or talking to the admin.. Xavier  On 6/28/07, Ralf Hildebrandt
 wrote:           * Xavier Grehant :                  I want to open a
vpn between Linux machines without root privileges and without talking to
the admin. Indeed I need to repetitively link via a vpn a number of
machines where I'm not root, and that belong different admins. It seems
that openvpn always needs to access the tun/tap device, which requires
admin privileges. Is there any workaround?                 sudo?  -- Ralf
Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@xxxxxxxxxx
Charite - Universit&auml;tsmedizin Berlin            Tel.  +49 (0)30-450
570-155 Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49
(0)30-450 570-962 IT-Zentrum Standort CBF                    send no mail
to plonk@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users            ____________________________________________ Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users