From: Klemens Nanni Date: Sat, 26 Apr 2025 12:19:03 +0000 (+0300) Subject: Fix tmp-dir documentation X-Git-Tag: v2.6.15~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ca0fb4a0966c7dc80de4c45472281246961ad52;p=thirdparty%2Fopenvpn.git Fix tmp-dir documentation Mention its default (on non-Windows systems), rephrase for brevity, fix grammar, correct the module environment variable name and remove a wrong default mentioned in a related option. Acked-by: Frank Lichtenheld Message-Id: <20250426121903.67930-1-kn@openbsd.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31514.html Signed-off-by: Gert Doering (cherry picked from commit 9ecaf2400a7b399166c0698c30d413b91cd4f534) --- diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index f805d13ed..f24276520 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -465,12 +465,11 @@ which mode OpenVPN is configured as. independently of network and tunnel issues. --tmp-dir dir - Specify a directory ``dir`` for temporary files. This directory will be - used by openvpn processes and script to communicate temporary data with - openvpn main process. Note that the directory must be writable by the - OpenVPN process after it has dropped it's root privileges. + Specify a directory ``dir`` for temporary files instead of the default + :code:`TMPDIR` (or "/tmp" if unset). Note that it must be writable by the main + process after it has dropped root privileges. - This directory will be used by in the following cases: + This directory will be used to communicate with scripts and plugins: * ``--client-connect`` scripts and :code:`OPENVPN_PLUGIN_CLIENT_CONNECT` plug-in hook to dynamically generate client-specific configuration @@ -480,7 +479,7 @@ which mode OpenVPN is configured as. * :code:`OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY` plug-in hooks returns success/failure via :code:`auth_control_file` when using deferred auth - method and pending authentication via :code:`pending_auth_file`. + method and pending authentication via :code:`auth_pending_file`. --use-prediction-resistance Enable prediction resistance on mbed TLS's RNG. diff --git a/doc/man-sections/script-options.rst b/doc/man-sections/script-options.rst index 0d1f9aecf..e48710baf 100644 --- a/doc/man-sections/script-options.rst +++ b/doc/man-sections/script-options.rst @@ -87,11 +87,9 @@ SCRIPT HOOKS and password to the first two lines of a temporary file. The filename will be passed as an argument to ``cmd``, and the file will be automatically deleted by OpenVPN after the script returns. The location - of the temporary file is controlled by the ``--tmp-dir`` option, and - will default to the current directory if unspecified. For security, - consider setting ``--tmp-dir`` to a volatile storage medium such as - :code:`/dev/shm` (if available) to prevent the username/password file - from touching the hard drive. + of the temporary file is controlled by the ``--tmp-dir`` option. For security, + consider setting it to a volatile storage medium such as :code:`/dev/shm` (if + available) to prevent the username/password file from touching the hard drive. The script should examine the username and password, returning a success exit code (:code:`0`) if the client's authentication request is to be