View | Details | Raw Unified | Return to bug 424373

(-)strongswan-5.0.0.ebuild (-14 / +6 lines)
Lines 235-258 Link Here
235
	if use non-root; then
235
	if use non-root; then
236
		elog
236
		elog
237
		elog "${PN} has been installed without superuser privileges (USE=non-root)."
237
		elog "${PN} has been installed without superuser privileges (USE=non-root)."
238
		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
239
		elog "but also a few to the IKEv2 daemon 'charon'."
240
		elog
238
		elog
241
		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
239
		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
242
		elog
240
		elog
243
		elog "pluto uses a helper script by default to insert/remove routing and"
241
		elog "If you require a custom updown script which requires superuser"
244
		elog "policy rules upon connection start/stop which requires superuser"
242
		elog "privileges, you can work around this limitation by using sudo to"
245
		elog "privileges. charon in contrast does this internally and can do so"
243
		elog "grant the user \"${UGID}\" the appropriate rights."
246
		elog "even with reduced (user) privileges."
247
		elog
248
		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
249
		elog "script to pluto or charon which requires superuser privileges, you"
250
		elog "can work around this limitation by using sudo to grant the"
251
		elog "user \"ipsec\" the appropriate rights."
252
		elog "For example (the default case):"
244
		elog "For example (the default case):"
253
		elog "/etc/sudoers:"
245
		elog "/etc/sudoers.d/strongswan:"
254
		elog "  Defaults:ipsec always_set_home,!env_reset"
246
		elog "  Defaults:${UGID} always_set_home,!env_reset"
255
		elog "  ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec"
247
		elog "  ${UGID} ALL=(ALL) NOPASSWD: /usr/sbin/ipsec _updown"
256
		elog "Under the specific connection block in /etc/ipsec.conf:"
248
		elog "Under the specific connection block in /etc/ipsec.conf:"
257
		elog "  leftupdown=\"sudo ipsec _updown\""
249
		elog "  leftupdown=\"sudo ipsec _updown\""
258
		elog
250
		elog
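Review bot: the `Defaults:${UGID} always_set_home,!env_reset` line in the suggested /etc/sudoers.d/strongswan snippet disables sudo's environment reset for a NOPASSWD rule that runs `/usr/sbin/ipsec _updown` with a runas spec of `(ALL)`, so the unprivileged daemon account's whole environment is passed to a script executing with superuser rights. Consider recommending an explicit `env_keep` list restricted to the variables the updown script actually reads instead of `!env_reset`, and narrowing `(ALL)` to `(root)`. Separately, `${UGID}` is not defined in the visible lines; please confirm it is set in the scope where these elog calls run, otherwise the message prints an empty user name in both the prose and the sudoers example.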
