Wrong ownership openvpn.keydir #16

Open
roumano wants to merge 2 commits into sansible:develop from roumano:wrong_ownership_openvpn.keydir
roumano commented Jan 8, 2018

Fix #15

Christian I added 2 commits January 8, 2018 11:05
…y with :

```
owner: "{{ openvpn.user | default ('root') }}"
group: "{{ openvpn.group | default ('root') }}"
```
@lobsterdore
Contributor

OpenVPN drops to the nobody user after initialization, so it reads keys as root and then changes user. I have been using the current setup for quite a while without this issue. Are you sure that there isn't something else causing this to happen? Perhaps you are starting the service as a non-root user?

@roumano
Author

roumano commented Jan 9, 2018

It looks like it does not drop to nobody after initialization but uses nobody to start the service

  • process started:

```
root@openvpn:~# ps -ef |grep [o]penvpn |grep -v openvpn_exporter
nobody    8369     1  0 Jan08 ?        00:01:39 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
```

  • Configuration:

```
root@openvpn:~# egrep 'user|group' /etc/openvpn/server.conf
user nobody
group nogroup
```

  • systemd service:

```
cat /lib/systemd/system/openvpn.service
# This service is actually a systemd target,
# but we are using a service since targets cannot be reloaded.

[Unit]
Description=OpenVPN service
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/etc/openvpn

[Install]
WantedBy=multi-user.target
```

Used & tested on Debian 8.10.
I have found this issue in the openvpn log (when starting the service), but even with this issue the openvpn service is working & usable.

@lobsterdore
Contributor

Sorry for the late response. I need to do some testing around this, as I am not 100% comfortable with the solution. I should come back soon.
