Opened 6 years ago

Closed 16 months ago

#1089 closed Bug / Defect (worksforme)

Cannot use openvpn with config files under /home

Reported by: lrddsk
Owned by: Samuli Seppänen
Priority: major
Milestone:
Component: Packaging
Version: OpenVPN 2.4.4 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc: David Sommerseth

Description

Currently openvpn is installed with the following configuration in its unit file:

ProtectHome=true

This implies that /home and /root folders are not accessible to openvpn. In my case I have an ecryptfs folder which is mounted under /home/$user/Private and have symlinks to the actual config files from /etc/openvpn/client/. However, due to the aforementioned systemd option I was not able to start openvpn until I changed ProtectHome to 'read-only'.

I don't think having config files under /home can be considered an invalid use case. So please consider changing the option of ProtectHome.

Change History (2)

comment:1 Changed 6 years ago by tct

cc

comment:2 Changed 16 months ago by Gert Döring

Cc: David Sommerseth added
Resolution: worksforme
Status: new → closed

I think there are good reasons to protect /home against a binary that has elevated permissions and might be doing something "unauthorized". Yes, in your use case it makes sense to allow that, but this is very much not the typical use case - so you can fix it in your unit files, problem solved.

That said, what goes into the unit files or not is more a distribution choice than something upstream openvpn can mandate. So if you really feel strongly about it, open a bug with your distribution.
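A way to check whether a setup is affected by the behaviour discussed in this ticket, as an added example that is not part of the ticket or of OpenVPN's packaging: the hypothetical function `protected_configs` lists entries in a config directory whose resolved path falls under a directory that `ProtectHome=true` hides from the service. The default prefixes (/home, /root, /run/user) are the ones systemd documents for `ProtectHome=`; passing other prefixes is an assumption added for testing.

```shell
#!/bin/sh
# Added example (not from the ticket): find config files that a unit running
# with ProtectHome=true cannot read because they resolve into a hidden tree.
# Usage: protected_configs CONFIG_DIR [PREFIX...]
#   e.g. protected_configs /etc/openvpn/client
protected_configs() {
    dir=$1
    shift
    # Default prefixes: the directories systemd makes inaccessible
    # when ProtectHome=true is set.
    [ "$#" -gt 0 ] || set -- /home /root /run/user
    for f in "$dir"/*; do
        # Skip the literal pattern when the directory is empty or missing,
        # but keep dangling symlinks so resolution is still attempted.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # Resolve symlinks to the canonical path the service would open.
        target=$(readlink -f "$f" 2>/dev/null) || continue
        for p in "$@"; do
            # Canonicalise the prefix too, in case it is itself a symlink.
            p=$(readlink -f "$p" 2>/dev/null) || continue
            case "$target" in
                "$p"/*)
                    printf '%s -> %s\n' "$f" "$target"
                    break
                    ;;
            esac
        done
    done
    return 0
}

# Run directly when arguments are given: sh script.sh /etc/openvpn/client
if [ "$#" -gt 0 ]; then
    protected_configs "$@"
fi
```

Any path it prints is one the service cannot read while the unit keeps `ProtectHome=true`; the reporter's local change was to set `ProtectHome` to `read-only` in the unit file.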
