Opened 4 years ago

Closed 4 years ago

#738 closed Bug / Defect (fixed)

t_client together with SUDO fails on FreeBSD 10.3

Reported by: Gert Döring Owned by: David Sommerseth
Priority: minor Milestone: release 2.4
Component: Building / Compiling Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

my buildbot exhibits this strange behaviour: t_client kills the subprocess it started ($$), which happens to be "sudo" when running as such. Now, this nicely works everywhere, but on FreeBSD, sometimes the kill signal is just not passed on - so in "sh -x", you see this

+ echo 'stopping OpenVPN'
stopping OpenVPN
+ sudo kill 27925
+ wait 27925

... and then things just hang.

This might be a case of funny sudo policies, given this part of the man page:

     If no I/O logging plugins are loaded and the policy plugin has not
     defined a close() function, set a command timeout or required that the
     command be run in a new pty, sudo may execute the command directly
     instead of running it as a child process.

but in any case, it would be more robust for t_client.sh to have openvpn create a PID file, and kill *that* process.

It is not a "major!!!" problem as it mainly hits those few who bother to set up t_client.rc *and* run it as non-root with sudo, but annoying still

Change History (3)

comment:1 Changed 4 years ago by Gert Döring

Just for reference: this can be worked around by adding this to sudoers:

Defaults !pam_session,!pam_setcred

but this is sort of "we could make it robust inside t_client.sh", so I consider the bug still open

comment:2 Changed 4 years ago by Gert Döring

Owner: changed from Gert Döring to David Sommerseth
Status: newassigned

since it cannot be worked-around with KSU, assigning to dazo :-)

comment:3 Changed 4 years ago by David Sommerseth

Resolution: fixed
Status: assignedclosed

Fixed.

commit e0926ebfe55347843af701216be9598827a1367a  (master)
commit 057b70f1642336b7eb939f8515de791d515b8d04  (release/2.3)
Author: David Sommerseth
Date:   Sat Sep 17 12:20:26 2016 +0300

     t_client.sh: Make OpenVPN write PID file to avoid various sudo issues

     Trac: #738
     Signed-off-by: David Sommerseth <davids@openvpn.net>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <1474104026-20615-1-git-send-email-davids@openvpn.net>
     URL: http://www.mail-archive.com/search?l=mid&q=1474104026-20615-1-git-send-email-davids@openvpn.net
     Signed-off-by: Gert Doering <gert@greenie.muc.de>
Note: See TracTickets for help on using tickets.