Best practices for scripting openconnect
Jon Dufresne
jon at erezlife.com
Fri May 25 11:01:48 EDT 2012
Hello,
I have a routine script that is used to transfer a group of files to
many hosts. Some of these hosts require a VPN connection. Each VPN
connection is different. I am using openconnect to automate this. The
basic flow is something like:
* Establish VPN connection
* Wait for VPN connection to finish
* Transfer files
* Disconnect VPN
* Wait for disconnect to finish
I have hit a few stumbling blocks, and so am looking for advice on best
practices for using openconnect in this manner.
I noticed I was unable to establish a VPN connection unless root. This
makes sense, but is unfortunate as now I am using sudo to establish the
connection. From what I can tell, this has the unfortunate side effect
that I must now be root to send the TERM signal. This would be less than
ideal as granting my user sudo access to kill seems questionable.
I then noticed the --setuid option. By using this I can kill the VPN
connection as a normal user. However, after using setuid, there are
shutdown errors and warnings. Is this normal or a bug? How should I use
this option effectively?
What is the best way to handle a script run by a normal user, but still
able to establish the VPN connection. I want to limit the use of sudo
and root as much as possible.
Thanks for any help,
Jon
More information about the openconnect-devel
mailing list