|
|
On 1/14/08, Wilhelm Meier <wilhelm.meier@xxxxxxxx> wrote: > The distinction must be made upon user-identities, not system > identities. You can use my branch for unprivileged mode of OpenVPN. svn checkout http://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21-unpriv This adds --user and --group to --mktun so that you can set ownership to tun device. Then write a simple script, such as /usr/local/sbin/myip: #!/bin/sh sudo /sbin/ip $* Add the following to sudoers, replacing @@X@@ with correct settings: @@USER@@ ALL=(ALL) NOPASSWD: /sbin/ip or: %@@GROUP@@ ALL=(ALL) NOPASSWD: /sbin/ip Add the following to your openvpn configuration: iproute /usr/local/sbin/myip dev @@TUN_WITH_CORRECT_OWNERSHIP@@ And that's it! You can run the OpenVPN daemon as the logged in user, and kill the process when the users logs out. Best Regards, Alon Bar-Lev. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |