On So, 19.11.17 00:18, דניאל חומדוב ([email protected]) wrote:

> root@host:/home/user# systemctl status [email protected]
> ● [email protected] - OpenVPN connection to openvpn
>    Loaded: loaded (/lib/systemd/system/[email protected]; disabled)
>   Drop-In: /lib/systemd/system/[email protected]
>            └─50_unpriv.conf
>    Active: failed (Result: exit-code) since Sat 2017-11-18 20:49:51 UTC; 20s ago
>   Process: 2489 ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=1/FAILURE)
>
> Nov 18 20:49:51 host sudo[2489]: #1) Respect the privacy of others.
> Nov 18 20:49:51 host sudo[2489]: #2) Think before you type.
> Nov 18 20:49:51 host sudo[2489]: #3) With great power comes great responsibility.
> Nov 18 20:49:51 host sudo[2489]: sudo: no tty present and no askpass program specified
> Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): conversation failed
> Nov 18 20:49:51 host sudo[2489]: pam_unix(sudo:auth): auth could not identify password for [tunnel]
> Nov 18 20:49:51 host sudo[2489]: tunnel : command not allowed ; TTY=unknown ; PWD=/etc/openvpn ; USER=root ; COMMAND=/usr/s...ev tun0
> Nov 18 20:49:51 host systemd[1]: [email protected]: control process exited, code=exited status=1
> Nov 18 20:49:51 host systemd[1]: Failed to start OpenVPN connection to openvpn.
> Nov 18 20:49:51 host systemd[1]: Unit [email protected] entered failed state.

This is a systemd issue. Your sudo command in the openvpn service
failed, because it needed a password, but couldn't query one, as
services in systemd run with stdin/stdout/stderr not connected to an
interactive TTY, but connected to /dev/null (in the case of stdin) and
the logging subsystem (in the case of stdout/stderr).

Or in other words: something is wrong with your unit file, or with the
drop-in you prepared. It shouldn't use sudo really. sudo is primarily
an interactive tool. If you want to change privilege for non-interactive
tools, such as daemons, then setpriv(1) is the right tool to use. That
said, systemd can drop privileges for you anyway with "User="...

Lennart

-- 
Lennart Poettering, Red Hat
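
Added example, not part of the reply above and not systemd code: a small Python check for the failure mode described there, scanning unit or drop-in text for Exec* lines that launch sudo or su. The sample drop-in is constructed (only the sudo command line comes from the quoted status output), and the function names are hypothetical.

```python
import os
import re

# Exec directives checked here (the ones a [Service] section commonly carries)
EXEC_KEY = re.compile(r"^(Exec(?:StartPre|StartPost|Start|Reload|StopPost|Stop))\s*=\s*(.*)$")
# Tools that expect a TTY so they can prompt for a password
INTERACTIVE = {"sudo", "su"}

def logical_lines(text):
    """Join lines ending in a backslash and skip comment lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and line.startswith(("#", ";")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def find_interactive_exec(unit_text):
    """Return (directive, program) for each Exec* line that starts sudo or su."""
    findings = []
    for line in logical_lines(unit_text):
        m = EXEC_KEY.match(line)
        if not m or not m.group(2):
            continue  # not an Exec* line, or an empty assignment that resets the list
        argv = m.group(2).split()
        # Strip systemd's special executable prefixes (-, @, +, !, :) from argv[0]
        program = argv[0].lstrip("-@+!:")
        if os.path.basename(program) in INTERACTIVE:
            findings.append((m.group(1), program))
    return findings

# Constructed drop-in: the sudo command line is taken from the quoted status
# output; the "-" prefix, line continuation, User= and ExecStart are assumptions.
SAMPLE_DROPIN = """\
[Service]
User=tunnel
ExecStartPre=-/usr/bin/sudo /usr/sbin/openvpn \\
    --rmtun --dev tun0
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/%i.conf
"""

if __name__ == "__main__":
    for directive, program in find_interactive_exec(SAMPLE_DROPIN):
        print(f"{directive} runs {program}: services have no TTY, so a password prompt fails")
```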