From: Stefanie L. (Febas)
<ste...@pe...> - 2025-05-12 10:09:50
Hi.

I have a fresh install of openvpn 3.5.0.8 on arch and am trying to get autostart for systemd working. The log is displaying this error:

Options error: --key fails with 'gateway25.key': Permission denied (errno=13)
Options error: --status fails with '/run/openvpn-server/status-gateway25.log': Permission denied (errno=13)

I do not know special details about when openvpn drops privileges, but I get a shiver when there is a need to change perms or ownership for key files.

What do you think/recommend?

Thanks.

The unit file looks like this:

[Unit]
Description=OpenVPN service for %I
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/bin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --config %i.conf
User=openvpn
Group=network
AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WR>
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target

File permissions are as follows:

[root@gatway25 /etc/openvpn/server]# ll
insgesamt 24K
drwxr-x--- 2 openvpn network 4,0K 12. Mai 10:32 ./
drwxr-xr-x 4 root    root    4,0K  5. Mai 20:58 ../
-rw-r--r-- 1 root    root     684  9. Mai 19:11 gateway25.crt
-rw------- 1 root    root     306  9. Mai 19:11 gateway25.key
-rw------- 1 root    root     636 11. Mai 21:04 gateway25.ta.key
-rw-r--r-- 1 root    root    2,4K 12. Mai 11:03 gateway25.conf