Best practices for scripting openconnect

Jon Dufresne jon at erezlife.com
Fri May 25 11:01:48 EDT 2012


Hello,

I have a routine script that is used to transfer a group of files to
many hosts. Some of these hosts require a VPN connection. Each VPN
connection is different. I am using openconnect to automate this. The
basic flow is something like:

* Establish VPN connection
* Wait for VPN connection to finish
* Transfer files
* Disconnect VPN
* Wait for disconnect to finish

I have hit a few stumbling blocks, and so am looking for advice on best
practices for using openconnect in this manner.

I noticed I was unable to establish a VPN connection unless I am root. This
makes sense, but is unfortunate, as now I am using sudo to establish the
connection. From what I can tell, this has the unfortunate side effect
that I must now be root to send the TERM signal. This would be less than
ideal, as granting my user sudo access to kill seems questionable.

I then noticed the --setuid option. By using this I can kill the VPN
connection as a normal user. However, after using setuid, there are
shutdown errors and warnings. Is this normal or a bug? How should I use
this option effectively?

What is the best way to handle a script run by a normal user that is still
able to establish the VPN connection? I want to limit the use of sudo
and root as much as possible.

Thanks for any help,
Jon
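As an added example (not code from the post above or from the openconnect project), here is a POSIX sh wrapper for the five-step flow the post describes: connect, wait for the connection, transfer, disconnect, wait for the disconnect. It assumes only openconnect's documented --background, --pid-file and --setuid options, and it relies on what the post observed: once openconnect has dropped to the user's uid with --setuid, the user can send TERM to it without sudo. The pid-file path, the "run" argument and the transfer placeholder are constructed for the example; the shutdown warnings the post mentions are not addressed here.

```shell
#!/bin/sh
# Added example, not code from the post or from the openconnect project.
# Wraps the connect / wait / transfer / disconnect / wait flow.
# Assumptions: openconnect's documented --background, --pid-file and
# --setuid options; the pid-file path and the "run" argument are made up.

PIDFILE="${PIDFILE:-/tmp/openconnect-example.pid}"   # constructed path
TIMEOUT="${TIMEOUT:-30}"                              # seconds to wait

# Return 0 as soon as PIDFILE names a live process, 1 on timeout.
wait_for_pidfile() {
    pidfile=$1; limit=$2; elapsed=0
    while [ "$elapsed" -lt "$limit" ]; do
        if [ -s "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# Return 0 once PID has gone away, 1 if it is still alive after LIMIT seconds.
wait_for_exit() {
    pid=$1; limit=$2; elapsed=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$elapsed" -ge "$limit" ]; then
            return 1
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# Disconnect: send TERM to the pid in PIDFILE and wait for it to exit.
# openconnect was started with --setuid=<our user>, so no sudo is needed here.
vpn_down() {
    pidfile=$1; limit=$2
    [ -s "$pidfile" ] || return 0              # nothing to stop
    pid=$(cat "$pidfile")
    kill -TERM "$pid" 2>/dev/null || true       # may already be gone
    if wait_for_exit "$pid" "$limit"; then rc=0; else rc=1; fi
    rm -f "$pidfile" 2>/dev/null || true        # file may be root-owned
    return "$rc"
}

# Connect: the only privileged step. openconnect forks into the background,
# writes its pid, and drops to our own uid once the tunnel is up.
vpn_up() {
    server=$1; pidfile=$2; limit=$3
    sudo openconnect --background --pid-file="$pidfile" \
        --setuid="$(id -un)" "$server" || return 1
    wait_for_pidfile "$pidfile" "$limit"
}

# Real flow only when invoked as:  ./vpn-transfer.sh run vpn.example.com
if [ "${1:-}" = "run" ]; then
    trap 'vpn_down "$PIDFILE" "$TIMEOUT"' EXIT   # always tear the tunnel down
    trap 'exit 130' INT TERM                     # let the EXIT trap run
    vpn_up "$2" "$PIDFILE" "$TIMEOUT" || { echo "VPN did not come up" >&2; exit 1; }
    echo "VPN up; transfer the files here (placeholder step)" >&2
fi
```

The privileged surface is the single `sudo openconnect` line, which is the only command a sudoers entry for this user then has to allow; everything else, including the TERM and the wait for shutdown, runs as the normal user. The EXIT trap makes the disconnect happen even when the transfer step fails or the script is interrupted.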