Bug 259384

Summary: security/openvpn: Create dedicated user
Product: Ports & Packages
Reporter: Rob LA LAU <freebsd>
Component: Individual Port(s)
Assignee: Matthias Andree <mandree>
Status: Closed FIXED
Severity: Affects Many People
Flags: bugzilla: maintainer-feedback? (mandree)
Priority: ---
Version: Latest
Hardware: Any
OS: Any
See Also: https://community.openvpn.net/openvpn/ticket/1335

Description Rob LA LAU 2021-10-23 17:21:14 UTC
Hi,

With a default install, openvpn runs as user/group nobody. However, it is generally considered bad practice to have multiple services run under a single shared username. It would be better to create a dedicated openvpn user and group at install time, and patch the sample configuration files to reflect this.

Cheers,
  Rob
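
One way to check existing configuration files for the shared account described in the report above, as an added example that is not part of the original report or of the port. It reads OpenVPN's `user` and `group` directives; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OpenVPN configs for the account named by the
# "user"/"group" privilege-drop directives.

audit_openvpn_conf() {
    # Args: config files. Prints one finding per file and directive;
    # returns 1 if any file never drops privileges or drops to a shared
    # account ("nobody", or "nogroup" as used on some other systems).
    awk '
        function check(kind, name) {
            if (name == "") {
                print file ": no " kind " directive, privileges are not dropped"; bad = 1
            } else if (name == "nobody" || name == "nogroup") {
                print file ": " kind " " name " is shared with other services"; bad = 1
            } else {
                print file ": " kind " " name " ok"
            }
        }
        function report() { check("user", user); check("group", group) }
        FNR == 1 { if (file != "") report(); file = FILENAME; user = group = "" }
        /^[ \t]*[#;]/ { next }          # whole-line comments (# or ;)
        $1 == "user"  { user = $2 }
        $1 == "group" { group = $2 }
        END { if (file != "") report(); exit bad }
    ' "$@"
}

# Constructed sample configs (not taken from the port): the old shared
# default, the dedicated account the report asks for, and no drop at all.
write_samples() {
    dir=$1
    printf '%s\n' 'port 1194' 'user nobody' 'group nobody' > "$dir/old.conf"
    printf '%s\n' 'port 1194' '; user nobody' 'user openvpn' 'group openvpn' > "$dir/new.conf"
    printf '%s\n' 'port 1194' 'dev tun' > "$dir/root.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_openvpn_conf "$tmp"/*.conf || echo "audit: findings above need attention"
rm -rf "$tmp"
```

On a real host, pass the installed configuration files to `audit_openvpn_conf` instead of the samples; a non-zero return marks at least one file that still uses the shared account or has no privilege drop.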

Comment 1 commit-hook freebsd_committer freebsd_triage 2021-11-01 12:05:30 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bb6ec079c50dc6f45700dd5897b35f66a19ee51c

commit bb6ec079c50dc6f45700dd5897b35f66a19ee51c
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-10-31 17:37:47 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-11-01 12:04:24 +0000

    security/openvpn: create and use dedicated openvpn user

    PR:             259384

 GIDs                                               |  2 +-
 UIDs                                               |  2 +-
 security/openvpn/Makefile                          | 12 +++++++-
 ...atch-doc_man-sections_generic-options.rst (new) | 11 ++++++++
 security/openvpn/files/patch-doc_openvpn.8 (new)   | 20 +++++++++++++
 .../openvpn/files/patch-doc_openvpn.8.html (new)   | 20 +++++++++++++
 security/openvpn/files/pkg-message.in              | 33 ++++++++++++++++------
 7 files changed, 89 insertions(+), 11 deletions(-)

Comment 2 commit-hook freebsd_committer freebsd_triage 2021-11-01 17:04:23 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=96dcd4f08fcfd954d67e63f0dcf5264a275f6bc7

commit 96dcd4f08fcfd954d67e63f0dcf5264a275f6bc7
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-10-31 17:37:47 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-11-01 17:03:06 +0000

    security/openvpn: create and use dedicated openvpn user

    (two commits squashed for clarity)

    PR:             259384

    (cherry picked from commit bb6ec079c50dc6f45700dd5897b35f66a19ee51c)
    (cherry picked from commit 89d9e9320aff2d4c61be4c7dfa1b6829717bd034)

 GIDs                                               |  2 +-
 UIDs                                               |  2 +-
 security/openvpn/Makefile                          | 12 +++++++-
 ...atch-doc_man-sections_generic-options.rst (new) | 11 ++++++++
 security/openvpn/files/patch-doc_openvpn.8 (new)   | 20 +++++++++++++
 .../openvpn/files/patch-doc_openvpn.8.html (new)   | 20 +++++++++++++
 security/openvpn/files/pkg-message.in              | 33 ++++++++++++++++------
 7 files changed, 89 insertions(+), 11 deletions(-)