diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2015-06-14 17:41:43 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2015-06-14 17:41:43 +0000 |
| commit | 0e2fa3923af580018920df32669f128473124995 (patch) | |
| tree | 70e254d61d2ce131d575a0c7721cfd186bd739a3 /package | |
| parent | 9d3092f3d14cf08542caed439f2520bf7536090c (diff) | |
| download | master-187ad058-0e2fa3923af580018920df32669f128473124995.tar.gz master-187ad058-0e2fa3923af580018920df32669f128473124995.tar.bz2 master-187ad058-0e2fa3923af580018920df32669f128473124995.zip | |
openvpn: let instances drop to nobody in default config.
This is for security precautions. As persist_tun and persist_key are
already there, this should not cause compatibility issue.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45961 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package')
| -rw-r--r-- | package/network/services/openvpn/files/openvpn.config | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config index 5cf0ba6be6..3e053c36a9 100644 --- a/package/network/services/openvpn/files/openvpn.config +++ b/package/network/services/openvpn/files/openvpn.config @@ -253,6 +253,7 @@ config openvpn sample_server # of the privilege downgrade. option persist_key 1 option persist_tun 1 + option user nobody # Output a short status file showing # current connections, truncated @@ -337,6 +338,7 @@ config openvpn sample_client # Try to preserve some state across restarts. option persist_key 1 option persist_tun 1 + option user nobody # If you are connecting through an # HTTP proxy to reach the actual OpenVPN |