FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects

openvpn: allow all local users to use personal config dir

Merged Dr Adam Thorn requested to merge openvpn_permission_fix into master

We want users to be able to install and use their own config files which they keep under C:\users. However, openvpn performs a group membership check if a user tries to use such a profile, requiring membership of either the builtin Administrators group, or the group defined via the ovpn_admin_group setting (which defaults to "OpenVPN Administrators")

Note that the check is performed via a call to the Windows API function NetLocalGroupGetMembers() . The 'Users' group corresponds to the well-known SID S-1-5-32-545, which is:

https://github.com/ANSSI-FR/AD-permissions/blob/master/dbbrowser/docs/well-known_sids.txt

"A built-in group. After the initial installation of the operating system, the only member is the Authenticated Users group. When a computer joins a domain, the Domain Users group is added to the Users group on the computer."

Merge request reports

Merge request pipeline #535413 passed

Merge request pipeline passed for 57f34a40

Merged by Dr Adam ThornDr Adam Thorn 7 months ago (May 31, 2024 2:47pm UTC)

Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply
Loading