From: Samuli S. <sa...@op...> - 2016-02-12 08:53:35
|
Il 11/02/2016 22:23, Selva Nair ha scritto: > Hi, > > On Thu, Feb 11, 2016 at 11:42 AM, Samuli Seppänen <sa...@op... > <mailto:sa...@op...>> wrote: > > 2) OpenVPN-GUI points OpenVPN config directory to a system-wide location > > While OpenVPN-GUI now saves the registry keys under "HKCU" (=current > user) instead of "HKLM" (=local-machine), the default value for OpenVPN > configs is still C:\Program Files\OpenVPN\config (or equivalent). At > least on my test system the OpenVPN configuration files under that > directory could not be read by a normal user, even though listing the > files was permitted. This caused OpenVPN-GUI to see the config file, but > upon loading it just hanged. > > > Changing this default may break most setups as that is where the GUI > looked for configs for so long.. I was under the impression that > C:\Program FIles\ and directories & files under it are readable by all > users. And that matches with a few machines I checked (win 7, win10, > server2012). openvpn.nsis does not show any permission settings on these > folders either. May be there are some "hardened" systems where such > locations are not readable? The reason my user was unable to read configs in C:\Program Files\OpenVPN\config was related to ACLs. I had copied the config file there as the main administrator account, so the owner was wrong. This prevented the normal user from reading the file. I had to set the ACLs properly to fix the issue. While the above could be seen as a user mistake, the ACLs in Windows are pretty well hidden from normal users and even admins. This could end up being a minor support nightmare for us. > I'm don't write GUI, so anything beyond a warning popup is too hard for > me. Yet, it would be nice to have an initial configuration dialog (shown > at first run by each user) to set config_dir and possibly a few other > parameters. That would be good. We also need to warn about lack of permissions on the config files. Right now GUI just hangs if it can't read the OpenVPN config file. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock |