On Tue, Sep 9, 2025, at 2:08 PM, Marek Zarychta via Openvpn-users wrote: > W dniu 9.09.2025 o 19:23, Dan Langille pisze: >> On Tue, Sep 9, 2025, at 1:16 PM, Gert Doering wrote: >>> Hi, >>> >>> On Tue, Sep 09, 2025 at 07:07:36AM -0400, Dan Langille wrote: >>>> That's interesting: >>>> >>>> Sep 9 11:06:09 gw01 foo[26475]: my id: uid=0(root) gid=0(wheel) >>>> groups=0(wheel),5(operator) >>>> >>>> OpenVPN runs as root. >>> Interesting. So does "grep foo /etc/passwd" turn up anything? >> Yes, it finds the expected user (which is not actually foo). >> >> [17:22 gw01 dvl ~] % grep foo /etc/passwd >> foo:*:1002:1002:User &:/usr/home/foo:/bin/sh >> >> [17:22 gw01 dvl ~] % grep foo /etc/group >> wheel:*:0:root,dvl,foo >> foo:*:1002: >> > It will not run as user on recent FreeBSD, unless you disable DCO. If > you don't care for DCO and don't need to run learn-address script, then > please add to your config file: > > user openvpn > > disable-dco
Great point. DCO seems to speed things up a little bit. https://dan.langille.org/2025/03/10/get-faster-openvpn-on-freebsd-by-enabling-dco-easily-done/ I opted to have it on. Just for fun. I would prefer to run as non-root, that's often a goal for me. -- Dan Langille [email protected] _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
