From 0e2fa3923af580018920df32669f128473124995 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Sun, 14 Jun 2015 17:41:43 +0000
Subject: openvpn: let instances drop to nobody in default config.

This is for security precautions.  As persist_tun and persist_key are
already there, this should not cause compatibility issue.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45961 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/network/services/openvpn/files/openvpn.config | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'package/network/services/openvpn/files/openvpn.config')

diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config
index 5cf0ba6be6..3e053c36a9 100644
--- a/package/network/services/openvpn/files/openvpn.config
+++ b/package/network/services/openvpn/files/openvpn.config
@@ -253,6 +253,7 @@ config openvpn sample_server
 	# of the privilege downgrade.
 	option persist_key 1
 	option persist_tun 1
+	option user nobody
 
 	# Output a short status file showing
 	# current connections, truncated
@@ -337,6 +338,7 @@ config openvpn sample_client
 	# Try to preserve some state across restarts.
 	option persist_key 1
 	option persist_tun 1
+	option user nobody
 
 	# If you are connecting through an
 	# HTTP proxy to reach the actual OpenVPN
-- 
cgit v1.2.3