Opened 12 months ago

Last modified 11 months ago

#1335 new Bug / Defect

OpenVPN's man page / documentation suggests to run daemon as user 'nobody' under Linux

Reported by: dirdi Owned by:
Priority: major Milestone:
Component: Documentation Version: OpenVPN 2.4.9 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords: nobody privileges daemon
Cc: tct


The man page currently states:

By setting user to nobody or somebody similarly unprivileged,
the hostile party would be limited in what damage they could cause.

This is bad advice and can even lead to security breaches. One should never run a daemon as user 'nobody', but instead create a dedicated user (e.g. 'openvpn') for each daemon. This is because there is no separation between daemons that run under the same user. The user 'nobody' is dedicated to NFS only.

See also:

Change History (2)

comment:1 Changed 12 months ago by tct

Cc: tct added

comment:2 Changed 11 months ago by Gert Döring

Patches to the (2.5.0 or master) documentation welcome.

Or even textual suggestions here in the ticket how the new text should read.
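
The ticket's point about daemons sharing one account can be checked on a host. The following is an added example, not part of the ticket or of OpenVPN's documentation: it flags an OpenVPN config whose `user` directive is missing or set to 'nobody', and lists accounts that run more than one distinct program. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data is constructed, not taken from a real host.

# Print the account named by the `user` directive of an OpenVPN config read
# from stdin, or "-" if there is none. Assumption: if the directive is
# repeated, the last one is reported.
conf_user() {
    awk '$1 == "user" && NF >= 2 { u = $2 }
         END { if (u == "") u = "-"; print u }'
}

# Succeed only if the config on stdin drops privileges to an account other
# than the shared 'nobody'.
conf_user_ok() {
    u=$(conf_user)
    [ "$u" != "-" ] && [ "$u" != "nobody" ]
}

# Read "account program" pairs (the format of `ps -eo user=,comm=`) from
# stdin and list every account that runs more than one distinct program.
shared_accounts() {
    awk '!seen[$1, $2]++ {
             n[$1]++
             progs[$1] = progs[$1] (n[$1] > 1 ? "," : "") $2
         }
         END { for (a in n) if (n[a] > 1) print a ": " progs[a] }' | sort
}

# Constructed process list: two unrelated daemons share 'nobody'.
SAMPLE_PS='root sshd
nobody openvpn
nobody dnsmasq
www-data nginx'

# Constructed configs: the setting the ticket objects to, then a dedicated account.
CONF_SHARED='dev tun
user nobody'
CONF_DEDICATED='dev tun
user openvpn'

printf '%s\n' "$SAMPLE_PS" | shared_accounts
for conf in "$CONF_SHARED" "$CONF_DEDICATED"; do
    if printf '%s\n' "$conf" | conf_user_ok; then
        echo "ok:   user $(printf '%s\n' "$conf" | conf_user)"
    else
        echo "flag: user $(printf '%s\n' "$conf" | conf_user)"
    fi
done
```

On a live host, pipe `ps -eo user=,comm=` into `shared_accounts` and redirect the daemon's config file into `conf_user_ok`.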
