aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2015-06-14 17:41:43 +0000
committerFelix Fietkau <nbd@openwrt.org>2015-06-14 17:41:43 +0000
commit2c9fbdf0bc7c9053ecbe362677b61e0278d6ac20 (patch)
treec5733b4f8bb490b6751d969f6a0d020acea8514e
parent3f726e7b2e113507b0359cb0161d253c6faab20a (diff)
downloadupstream-2c9fbdf0bc7c9053ecbe362677b61e0278d6ac20.tar.gz
upstream-2c9fbdf0bc7c9053ecbe362677b61e0278d6ac20.tar.bz2
upstream-2c9fbdf0bc7c9053ecbe362677b61e0278d6ac20.zip
openvpn: let instances drop to nobody in default config.
This is for security precautions. As persist_tun and persist_key are already there, this should not cause compatibility issue. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45961
-rw-r--r--package/network/services/openvpn/files/openvpn.config2
1 files changed, 2 insertions, 0 deletions
diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config
index 5cf0ba6be6..3e053c36a9 100644
--- a/package/network/services/openvpn/files/openvpn.config
+++ b/package/network/services/openvpn/files/openvpn.config
@@ -253,6 +253,7 @@ config openvpn sample_server
# of the privilege downgrade.
option persist_key 1
option persist_tun 1
+ option user nobody
# Output a short status file showing
# current connections, truncated
@@ -337,6 +338,7 @@ config openvpn sample_client
# Try to preserve some state across restarts.
option persist_key 1
option persist_tun 1
+ option user nobody
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN