On Tue, Nov 21, 2017 at 12:17 PM, fragmentux <fragmen...@gmail.com> wrote:
> Hi Selva,
>
> On 21/11/17 16:32, Selva wrote:
>
>> Hi,
>>
>>>
>>>>
>>>>
>>>> Presume that the user does not have admin rights :
>>>
>>> A non-admin user could copy the admin protected config file from \program
>>> files\openvpn\config -to- \users\$user\openvpn\config and modify it to
>>> include the --pull-filter.
>>>
>>>
>> Will not work in 2.4 unless the user is in OpenVPN Administrators
>> group which requires admin's blessings
>>
>
> The user *must* be a member of said group to successfully use the GUI
> anyway .. Thus, presuming the admin has made the user a member in order
> to use the VPN at all, the user *can* (I just have on w10) modify the
> config and run it.
Not really.
The GUI does not need the user to be a member of the that group to
successfully
use the interactive service and run as limited user.
You can install configs in the global location where user only has read
access, and
no membership in the said group is needed to use the interactive service.
Everything
should work with GUI and openvpn running as limited user and the
interactive service
handling privileged tasks.
This is useful even if the user knows the admin password: many users I help
are rather clueless and need and appreciate some protection from themselves.
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users