Ubuntu
openvpn package

udev rules for tun device have wrong permisisons

Bug #292293 reported by Simon
4
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: udev

The UDEV rules for the TUN device currently set the permissions as "600". However, in order to run openvpn as an unprivileged user, the permissions need to be set to "666".

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

In order to write to anything as an unprivileged user, you need to set the permissions to 666

That doesn't mean it should be the default! We have privilege separation for a reason.

Changed in udev:
status: New → Won't Fix
Revision history for this message
Simon (simon-d-matthews+ubuntubugs) wrote :

The default install of openvpn uses an unprivileged user. Once the initial tunnel initial tunnel is set up and the daemon drops privileges, it is unable to manipulate the tun device.

Changed in udev:
status: Won't Fix → New
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Then that's a bug in OpenVPN, as you've reassigned it to.

We're not shipping with default permissions to allow any user to create network tunnels.

Revision history for this message
Andreas Olsson (andol) wrote :

The default OpenVPN configuration starts as root, hence no permission problems regarding the tun device.

If you wish a different default from OpenVPN, then that's a different "bug".

Changed in openvpn:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.