I've just created a new NethServer (based on CentOS) system and am trying to get OpenVPN configured. I've found an anomaly with the --up and --down scripts.
When these are called, the PATH setting only contains: /usr/local/bin:/bin:/usr/bin. There is no /sbin anymore.
Even if I add /sbin to the PATH, I still get "not found" failures for /sbin executables in scripts called from the --up/down.
Is this a configuration option, as my Zentyal server (based on Ubuntu) doesn't have this issue?
Cheers.
Restrictive PATH for called scripts
- maikcat
Re: Restrictive PATH for called scripts
/sbin is appended to your PATH var if you are root; to verify that, check your /etc/profile & /etc/bashrc.
The reason for that is because binaries located in /sbin usually require root privs to operate correctly.
Can you post your configs?
Michael.
Re: Restrictive PATH for called scripts
I realised after I posted that I hadn't fully qualified the checks I'd made to ensure that the script was indeed running as root, and because that was my first post, I couldn't reply until it had been moderated.
The --up/down script also creates/deletes files in a directory that only root has permission to and they are correctly tagged as owned by root. I also echo'd out the result of "id -u -n" which gave me "root".
The exact same OpenVPN configuration, when run on my Zentyal (Ubuntu based) system has the --up/down scripts called with this PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Not sure it helps, but here's the config:
Cheers.

dev tun
fast-io
persist-key
persist-tun
nobind
remote uk-kent-cluster.expressnetwork.net 1194
remote-random
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
verb 3
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
log-append /var/log/openvpn/UK-VPN.log
status /var/log/openvpn/status-UK-VPN.log
verb 3
route-nopull
script-security 2
up-restart
up /etc/openvpn/tunup.sh
down /etc/openvpn/tundown.sh
<cert>
...removed...
</cert>
<key>
...removed...
</key>
<tls-auth>
...removed...
</tls-auth>
<ca>
...removed...
</ca>
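
Added example, not part of the original thread and not OpenVPN's own code: a diagnostic that an --up/--down script can run to record the user and PATH it actually receives and to show which directory, if any, each needed command resolves from. The function names, the command list and the log file in the usage comment are assumptions.

```shell
#!/bin/sh
# Added diagnostic helpers (hypothetical names), meant to be pasted into or
# sourced by an --up/--down script such as /etc/openvpn/tunup.sh.

# resolve_in_path CMD PATHLIST
# Print the first executable regular file named CMD in the colon-separated
# PATHLIST and return 0; return 1 if no entry provides it.
resolve_in_path() {
    rip_rest="$2:"
    while [ -n "$rip_rest" ]; do
        rip_dir=${rip_rest%%:*}
        rip_rest=${rip_rest#*:}
        # An empty entry means "current directory"; skip it, a root-run
        # script should never resolve commands from there.
        [ -n "$rip_dir" ] || continue
        if [ -f "$rip_dir/$1" ] && [ -x "$rip_dir/$1" ]; then
            printf '%s\n' "$rip_dir/$1"
            return 0
        fi
    done
    return 1
}

# path_report PATHLIST CMD...
# Log the effective user and PATHLIST, then one line per CMD showing where it
# resolves. The return status is the number of commands that did not resolve.
path_report() {
    pr_path=$1
    shift
    printf 'user=%s PATH=%s\n' "$(id -u -n)" "$pr_path"
    pr_missing=0
    for pr_cmd in "$@"; do
        if pr_hit=$(resolve_in_path "$pr_cmd" "$pr_path"); then
            printf '%s -> %s\n' "$pr_cmd" "$pr_hit"
        else
            printf '%s -> NOT FOUND\n' "$pr_cmd"
            pr_missing=$((pr_missing + 1))
        fi
    done
    return "$pr_missing"
}

# Example call inside the script (command list and log file are assumptions):
#   path_report "$PATH" ip ifconfig route >> /var/log/openvpn/path-debug.log
```

If a command is reported with a full path here yet still fails when the script runs it, the failure lies outside PATH lookup.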