Hi!
I am developing an eduVPN client for Windows. Imagine the eduVPN client as a custom OpenVPN GUI. The client uses openvpn.exe for connecting, the configuration file is provided by eduVPN server once user authenticates using OAuth. User running the eduVPN client is not an administrator. Elevation is out of the question. I would like to use the Interactive Service to start openvpn.exe, but I have some problems: 1. The configuration file is dynamically downloaded by the eduVPN client and stored somewhere user can write (user's temporary folder for example). But the Interactive Service was specifically programmed to allow configurations from "C:\Program Files\OpenVPN\config" folder only. But user running eduVPN client can't write to this folder. 2. Interactive Service can launch openvpn.exe using any configuration file if user is a member of the "OpenVPN Administrators" group. Then, I would need to add all users of the computer to that group, again requiring elevation. Is there any specific reason, why Interactive Service is so paranoid, knowing that it launches openvpn.exe and all external scripts as the interactive user anyway? I have a work-around for this paradox in my sleeve: the eduVPN setup shall create an "eduVPN" subfolder in the "C:\Program Files\OpenVPN\config" folder, and grant all users desirable permissions*: a sort of public spool folder. But that would open the OpenVPN Interactive Service to any user and application. This is why we would like your opinion first. Best regards, Simon Rozman Amebis, d. o. o., Kamnik * By desirable permissions I mean: SYSTEM/Administrators = full access, Users = create new files, CREATOR OWNER = R/W)
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
