On many Linux distributions, you already have the nobody user and group. All you need to do to configure OpenVPN to run as the nonprivileged nobody user is add user nobody and group nobody to the server configuration file. Or, your Linux distribution may have created a unique OpenVPN user and group. But Debian doesn't have a nobody user or group, nor does it create unique users. What do you do?
No problem whatsoever. Just create an openvpn user and group, and use them:
# groupadd openvpn
# useradd -d /dev/null -g openvpn -s /bin/false openvpn
Then, add these lines to your OpenVPN configuration files:
user openvpn
group openvpn
persist-key
Do this for both servers and clients.
The nobody user tends to get a bit overburdened, so you should create a unique user for OpenVPN and not use nobody.
persist-key keeps the connection up even after OpenVPN has dropped to the unprivileged openvpn user, which cannot read private keys or other root-only files.
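To confirm that a server or client configuration actually carries these directives, the following shell function audits a config file. It is an added example, not part of the original recipe; the function names, the sample configs, and the choice to read the last occurrence of a repeated directive are assumptions of this script.

```shell
#!/bin/sh
# Added example (not from the original text): audit an OpenVPN config file
# for the privilege-drop directives described above.
# Usage: check_privdrop FILE   -> returns 0 only if every check passes.

# Print the argument of the last uncommented occurrence of a directive.
# Using the last occurrence is this script's assumption for repeated lines.
directive_value() {
    awk -v d="$1" '$1 == d { v = $2 } END { print v }' "$2"
}

check_privdrop() {
    conf=$1
    rc=0
    for d in user group; do
        v=$(directive_value "$d" "$conf")
        case $v in
            "")     echo "FAIL: no '$d' directive, OpenVPN keeps root's $d"; rc=1 ;;
            root)   echo "FAIL: '$d root' does not drop privileges"; rc=1 ;;
            nobody|nogroup)
                    echo "WARN: '$d $v' is a shared account, use a dedicated one"; rc=1 ;;
            *)      echo "ok:   $d $v" ;;
        esac
    done
    # persist-key takes no argument, so only test for its presence.
    if awk '$1 == "persist-key" { found = 1 } END { exit !found }' "$conf"; then
        echo "ok:   persist-key"
    else
        echo "FAIL: persist-key missing, key files unreadable after the drop"; rc=1
    fi
    return $rc
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
demo_dir=$(mktemp -d)
printf 'port 1194\nuser openvpn\ngroup openvpn\npersist-key\n' > "$demo_dir/good.conf"
printf 'port 1194\n;user openvpn\nuser nobody\ngroup nobody\n' > "$demo_dir/bad.conf"
for f in good bad; do
    echo "== $f.conf"
    check_privdrop "$demo_dir/$f.conf" || echo "-> needs attention"
done
```

Lines commented out with # or ; are ignored, so a disabled user line is reported as missing rather than as present.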
man 8 openvpn
OpenVPN How-to: http://openvpn.net/howto.html
man 8 useradd