Bug 259384 - security/openvpn: Create dedicated user
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Matthias Andree
Reported: 2021-10-23 17:21 UTC by Rob LA LAU
Modified: 2021-11-01 17:04 UTC
bugzilla: maintainer-feedback? (mandree)


Description Rob LA LAU 2021-10-23 17:21:14 UTC
Hi,

With a default install, openvpn runs as user/group nobody. However, it is generally considered bad practice to have multiple services run under a single shared username. It would be better to create a dedicated openvpn user and group at install time, and patch the sample configuration files to reflect this.

Cheers,
  Rob
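
An added example, not part of the report or of the FreeBSD port: a small audit that reads the `user` and `group` directives from OpenVPN configuration files and flags configs that drop to a shared account or never drop privileges. The `SHARED_ACCOUNTS` list, the function names and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the FreeBSD port): audit OpenVPN configs for the
# account the daemon drops to via the "user" and "group" directives.
SHARED_ACCOUNTS="nobody nogroup"   # assumption: accounts treated as shared

# Print the value of directive $1 in config $2. If the directive is repeated,
# the last occurrence is reported. Commented-out lines ("#user", ";user")
# never match because their first field differs from the directive name.
ovpn_directive() {
    awk -v key="$1" '$1 == key && NF >= 2 { v = $2 }
                     END { if (v != "") print v }' "$2"
}

is_shared() {
    for s in $SHARED_ACCOUNTS; do [ "$1" = "$s" ] && return 0; done
    return 1
}

# Report both directives for one config; return 0 only if each names a
# dedicated (non-shared) account.
audit_ovpn_config() {
    cfg=$1 rc=0
    for key in user group; do
        val=$(ovpn_directive "$key" "$cfg")
        if [ -z "$val" ]; then
            echo "$cfg: $key unset (no privilege drop)"; rc=1
        elif is_shared "$val"; then
            echo "$cfg: $key $val is shared with other services"; rc=1
        else
            echo "$cfg: $key $val ok"
        fi
    done
    return $rc
}

# Constructed sample configs: shared-account defaults vs. a dedicated account.
SAMPLES=$(mktemp -d)
printf '%s\n' 'dev tun' '# drop privileges' 'user nobody' 'group nobody' \
    > "$SAMPLES/shared.conf"
printf '%s\n' 'dev tun' ';user nobody' 'user openvpn' 'group openvpn' \
    > "$SAMPLES/dedicated.conf"

for f in "$SAMPLES"/*.conf; do audit_ovpn_config "$f" || true; done
```

Point the final loop at the real configuration directory to audit an installed system; the non-zero return value makes the function usable in a periodic check.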
Comment 1 commit-hook freebsd_committer 2021-11-01 12:05:30 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bb6ec079c50dc6f45700dd5897b35f66a19ee51c

commit bb6ec079c50dc6f45700dd5897b35f66a19ee51c
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-10-31 17:37:47 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-11-01 12:04:24 +0000

    security/openvpn: create and use dedicated openvpn user

    PR:             259384

 GIDs                                               |  2 +-
 UIDs                                               |  2 +-
 security/openvpn/Makefile                          | 12 +++++++-
 ...atch-doc_man-sections_generic-options.rst (new) | 11 ++++++++
 security/openvpn/files/patch-doc_openvpn.8 (new)   | 20 +++++++++++++
 .../openvpn/files/patch-doc_openvpn.8.html (new)   | 20 +++++++++++++
 security/openvpn/files/pkg-message.in              | 33 ++++++++++++++++------
 7 files changed, 89 insertions(+), 11 deletions(-)
Comment 2 commit-hook freebsd_committer 2021-11-01 17:04:23 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=96dcd4f08fcfd954d67e63f0dcf5264a275f6bc7

commit 96dcd4f08fcfd954d67e63f0dcf5264a275f6bc7
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-10-31 17:37:47 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-11-01 17:03:06 +0000

    security/openvpn: create and use dedicated openvpn user

    (two commits squashed for clarity)

    PR:             259384

    (cherry picked from commit bb6ec079c50dc6f45700dd5897b35f66a19ee51c)
    (cherry picked from commit 89d9e9320aff2d4c61be4c7dfa1b6829717bd034)

 GIDs                                               |  2 +-
 UIDs                                               |  2 +-
 security/openvpn/Makefile                          | 12 +++++++-
 ...atch-doc_man-sections_generic-options.rst (new) | 11 ++++++++
 security/openvpn/files/patch-doc_openvpn.8 (new)   | 20 +++++++++++++
 .../openvpn/files/patch-doc_openvpn.8.html (new)   | 20 +++++++++++++
 security/openvpn/files/pkg-message.in              | 33 ++++++++++++++++------
 7 files changed, 89 insertions(+), 11 deletions(-)