Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 316867 Details for
Bug 424373
net-misc/strongswan-5.0.0 - Outdated description about (non-)root privileges
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)
strongswan_update_description.patch (text/plain), 1.67 KB, created by
Ronald
on 2012-07-01 12:50:08 UTC
(
hide
)
Description:
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)
Filename:
MIME Type:
Creator:
Ronald
Created:
2012-07-01 12:50:08 UTC
Size:
1.67 KB
patch
obsolete
>--- strongswan-5.0.0.ebuild 2012-07-01 12:45:17.000000000 +0200 >+++ /tmp/strongswan-5.0.0.ebuild 2012-07-01 14:38:14.566771198 +0200 >@@ -235,24 +235,16 @@ > if use non-root; then > elog > elog "${PN} has been installed without superuser privileges (USE=non-root)." >- elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" >- elog "but also a few to the IKEv2 daemon 'charon'." > elog > elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" > elog >- elog "pluto uses a helper script by default to insert/remove routing and" >- elog "policy rules upon connection start/stop which requires superuser" >- elog "privileges. charon in contrast does this internally and can do so" >- elog "even with reduced (user) privileges." >- elog >- elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" >- elog "script to pluto or charon which requires superuser privileges, you" >- elog "can work around this limitation by using sudo to grant the" >- elog "user \"ipsec\" the appropriate rights." >+ elog "If you require a custom updown script which requires superuser" >+ elog "privileges, you can work around this limitation by using sudo to" >+ elog "grant the user \"${UGID}\" the appropriate rights." > elog "For example (the default case):" >- elog "/etc/sudoers:" >- elog " Defaults:ipsec always_set_home,!env_reset" >- elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec" >+ elog "/etc/sudoers.d/strongswan:" >+ elog " Defaults:${UGID} always_set_home,!env_reset" >+ elog " ${UGID} ALL=(ALL) NOPASSWD: /usr/sbin/ipsec _updown" > elog "Under the specific connection block in /etc/ipsec.conf:" > elog " leftupdown=\"sudo ipsec _updown\"" > elog
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=316867">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 424373
: 316867
