Pretty sure if you change the owner / group of the tap or tun device you are using to the user you want to bring up the tunnel you can avoid root.
G On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas <[email protected]> wrote: > Hi, > > I'm trying to get a SSH VPN working between a 4.9 i386 and a recent > 5.0 amd64 snapshot (with the MP#49 kernel). > > The tunnel works fine if I SSH in as root. My guts really protest at > enabling remote root logins, however. Yes, I can limit the access with > a Match statement. > > Surely I can change some device permissions, or use sudo, to permit a > particular otherwise-unprivileged user to bring up this VPN? Any > suggestions on where to look for that? I've tried several Internet > searches, but found nothing. > > Thanks, > ==ml > > -- > Michael W. Lucas > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ > Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ > [email protected], Twitter @mwlauthor
