[OpenWrt-Devel] [PATCH v2 2/3] openvpn: let instances drop to nobody in default config.
Yousong Zhou
yszhou4tech at gmail.com
Sun Jun 14 10:46:17 EDT 2015
This is for security precautions. As persist_tun and persist_key are
already there, this should not cause compatibility issue.
Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
---
package/network/services/openvpn/files/openvpn.config | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config
index 5cf0ba6..3e053c3 100644
--- a/package/network/services/openvpn/files/openvpn.config
+++ b/package/network/services/openvpn/files/openvpn.config
@@ -253,6 +253,7 @@ config openvpn sample_server
# of the privilege downgrade.
option persist_key 1
option persist_tun 1
+ option user nobody
# Output a short status file showing
# current connections, truncated
@@ -337,6 +338,7 @@ config openvpn sample_client
# Try to preserve some state across restarts.
option persist_key 1
option persist_tun 1
+ option user nobody
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
--
1.7.10.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list