Hi,

On 29/03/2022 13:05, Gert Doering wrote:
> @Antonio, we should really investigate that capability stuff :-)

I think this was already discussed somewhere else in the past. To talk
to the netlink API the NET_ADMIN capability is required - no need to be
root.

Therefore, just grant this capability to the binary with:

    setcap cap_net_admin+eip /usr/sbin/openvpn

and then launch it with any user you want (no need to launch as root and
then drop to user nobody, unless there are other reasons for doing so).

Just tested here a few minutes ago.

Cheers,

--
Antonio Quartulli
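
An added check, not part of the original message: once the file capability above is set and the daemon is started as an unprivileged user, this shell function reads a `/proc/<pid>/status` file and confirms the process is non-root with CAP_NET_ADMIN (capability number 12) as its only effective capability. The function name `check_caps`, its return codes and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a process's effective capabilities from the
# text of /proc/<pid>/status. CAP_NET_ADMIN is capability number 12.
CAP_NET_ADMIN_BIT=12

# check_caps STATUS_FILE  (hypothetical helper)
# Prints one verdict line and returns:
#   0  non-root and the effective set is exactly cap_net_admin
#   1  cap_net_admin is missing from the effective set
#   2  running as root, or extra capabilities are effective
#   3  the file has no Uid:/CapEff: lines
check_caps() {
    status_file=$1
    # "Uid:" lists real, effective, saved and fs uid; field 3 is effective.
    euid=$(awk '/^Uid:/ {print $3}' "$status_file")
    # "CapEff:" is a hex bitmask of the effective capability set.
    capeff=$(awk '/^CapEff:/ {print $2}' "$status_file")
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "unreadable status file"
        return 3
    fi
    mask=$((0x$capeff))
    want=$((1 << $CAP_NET_ADMIN_BIT))
    if [ $((mask & want)) -eq 0 ]; then
        echo "missing cap_net_admin"
        return 1
    fi
    if [ "$euid" -eq 0 ]; then
        echo "running as root"
        return 2
    fi
    if [ "$mask" -ne "$want" ]; then
        echo "extra capabilities"
        return 2
    fi
    echo "ok"
    return 0
}

# Constructed sample: uid 1000 with only bit 12 set in CapEff.
sample=$(mktemp)
printf 'Name:\topenvpn\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001000\n' > "$sample"
check_caps "$sample"
rm -f "$sample"
```

Against a live process, pass `/proc/<pid>/status` for the running daemon; `getcap /usr/sbin/openvpn` shows the file capability that was set on the binary itself.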