Opened 8 years ago
Closed 8 years ago
#738 closed Bug / Defect (fixed)
t_client together with SUDO fails on FreeBSD 10.3
Reported by: | Gert Döring | Owned by: | David Sommerseth |
---|---|---|---|
Priority: | minor | Milestone: | release 2.4 |
Component: | Building / Compiling | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
my buildbot exhibits this strange behaviour: t_client kills the subprocess it started ($$), which happens to be "sudo" when running as such. Now, this nicely works everywhere, but on FreeBSD, sometimes the kill signal is just not passed on - so in "sh -x", you see this
+ echo 'stopping OpenVPN' stopping OpenVPN + sudo kill 27925 + wait 27925
... and then things just hang.
This might be a case of funny sudo policies, given this part of the man page:
If no I/O logging plugins are loaded and the policy plugin has not defined a close() function, set a command timeout or required that the command be run in a new pty, sudo may execute the command directly instead of running it as a child process.
but in any case, it would be more robust for t_client.sh to have openvpn create a PID file, and kill *that* process.
It is not a "major!!!" problem as it mainly hits those few who bother to set up t_client.rc *and* run it as non-root with sudo, but annoying still
Change History (3)
comment:1 Changed 8 years ago by
comment:2 Changed 8 years ago by
Owner: | changed from Gert Döring to David Sommerseth |
---|---|
Status: | new → assigned |
since it cannot be worked-around with KSU, assigning to dazo :-)
comment:3 Changed 8 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed.
commit e0926ebfe55347843af701216be9598827a1367a (master) commit 057b70f1642336b7eb939f8515de791d515b8d04 (release/2.3) Author: David Sommerseth Date: Sat Sep 17 12:20:26 2016 +0300 t_client.sh: Make OpenVPN write PID file to avoid various sudo issues Trac: #738 Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1474104026-20615-1-git-send-email-davids@openvpn.net> URL: http://www.mail-archive.com/search?l=mid&q=1474104026-20615-1-git-send-email-davids@openvpn.net Signed-off-by: Gert Doering <gert@greenie.muc.de>
Just for reference: this can be worked around by adding this to sudoers:
but this is sort of "we could make it robust inside t_client.sh", so I consider the bug still open