From: James Y. <ji...@yo...> - 2004-10-04 15:57:35
On Mon, 4 Oct 2004, Luc Stepniewski wrote:
> When launching OpenVPN (server mode) with the "--daemon" option, I get the
> following error in the logs:
>
> GID set to nogroup
> UID set to nobody
> CRL: cannot read: my-openvpn-keys/crl.pem: No such file or directory (errno=2)
>
> The file exists and has 777 rights, and the directory where it resides is 777
> too.
> If I trace with 'strace -eopen', I get the following result:
>
> open("my-openvpn-keys/crl.pem", O_RDONLY) = -1 EACCES (Permission denied)
>
> The strange thing is that it works if I don't use the --daemon option. So I
> tried with an absolute path to the crl.pem file, and it worked!
>
> My conclusion is that when launching OpenVPN with "--daemon" mode, the rights
> are dropped to nobody:nogroup AND the directory is changed to something else
> than the one where OpenVPN was launched, so relative references don't work
> anymore.
You can use relative paths with --daemon, but you need to put a --cd
option at the top of your config file to define the default directory from
which the relative paths will be resolved.
James
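
A pre-deployment check for the situation discussed in this thread, added here as an example and not part of the original messages or of OpenVPN itself: it flags relative file paths in a config that uses `daemon` without `cd`. The function name, the directive list (a partial selection), the sample configs and the `/etc/openvpn` directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report file directives with relative paths when the
# config daemonizes but sets no "cd" directory.

check_relative_paths() {
    # $1 = path to an OpenVPN config file.
    # Prints "line: directive path" per finding; returns 1 if any.
    awk '
        { sub(/[#;].*/, "") }                 # drop config comments
        $1 == "daemon" { has_daemon = 1 }
        $1 == "cd"     { has_cd = 1 }
        # Partial list of directives that take a file path (assumed set).
        $1 ~ /^(ca|cert|key|dh|crl-verify|tls-auth|secret|pkcs12)$/ &&
        NF >= 2 && $2 !~ /^\// {
            rel[++n] = FNR ": " $1 " " $2
        }
        END {
            if (has_daemon && !has_cd && n > 0) {
                for (i = 1; i <= n; i++) print rel[i]
                exit 1
            }
        }
    ' "$1"
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'daemon' 'user nobody' 'group nogroup' \
    'crl-verify my-openvpn-keys/crl.pem' > "$tmp/bad.conf"
printf '%s\n' 'cd /etc/openvpn' 'daemon' 'user nobody' 'group nogroup' \
    'crl-verify my-openvpn-keys/crl.pem' > "$tmp/good.conf"

for f in "$tmp/bad.conf" "$tmp/good.conf"; do
    if out=$(check_relative_paths "$f"); then
        echo "$f: ok"
    else
        echo "$f: relative paths with daemon and no cd:"
        echo "$out"
    fi
done
```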