/
nonroot.xml
31 lines (25 loc) · 1.23 KB
/
nonroot.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<PAGE>
<VAR match="VAR_ORIGIN" replace="" />
<VAR match="VAR_CVSID" replace=""/>
<INCLUDE file="inc/header.tmpl" />
<VAR match="VAR_SEL_FEATURES" replace="selected" />
<VAR match="VAR_SEL_FEATURE_NONROOT" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-features.xml" />
<INCLUDE file="inc/content.tmpl" />
<h1>Running as non-root user</h1>
<p>There are two ways that OpenConnect can run without root
privileges. The first is that it can use a tun device which is created
and configured in advance by the root user, and set to be owned by the
user who runs OpenConnect. NetworkManager uses OpenConnect in this mode.</p>
<p>The second is that it can avoid using the tun device altogether and
instead spawn a user-supplied program, passing all data traffic
through a UNIX socket to that program. This latter option can be used
in conjunction with a userspace TCP stack such as <a
href="http://savannah.nongnu.org/projects/lwip/">lwip</a> to provide
SOCKS access to the VPN without giving full access to all untrusted
users and processes on the computer, and without requiring root
privileges at all. <a href="http://repo.or.cz/w/ocproxy.git">ocproxy</a>
is one such implementation.</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>