Easy-RSA failed to create temporary file #482
Comments
|
You probably need to be using an administrator account. |
|
EDIT: It turns out its a permissions error as C:\Program Files\OpenVPN\ is unable to be edited unless you grant 'user' the permissions to modify and edit the folder @TinCanTech yeah, I tried using the Administrator account, this was the only way. |
|
The error with the temporary folder does need to be addressed. Because you are running windows, I invite you to help us test some changes that are being made. |
|
Sure, I'd be glad to help test this out. BTW this is also happening: |
|
Hi i'm facing the same issue, is there any solution ? (windows 11) Thanks
|
|
@amoncer The long answer, is that I had to re-image my machine, and uninstall some wack windows feature update in order to get it to work. More information is also available in Issue 483 |
|
If this is a problem with I do not have access to Windows 11 so I cannot test, however, there is probably a simple work around:
|
|
I got the same error, re-ran the command as Administrator, and solved it. |
|
@kthamel All programs that write data to Windows System Folders require administrator privileges, This is not a bug in EasyRSA or any other program. However, storing your Easy-RSA PKI in Windows System Folders is insecure, because these folders are World Readable, by default. In future, Easyrsa may even prohibit the use of Windows System Folders, in favor of Windows User Folders, which are only readable by the User or privileged user accounts. I strongly suggest that you copy Or define your PKI with command line option:
|
@TinCanTech Hello there! Could you please explain more verbose what does "World Readable" mean and why is it so? At first glance at this phrase there becomes an impression that anyone from the net can read the folder? |
Is your issue with my comment above or the |
My question is regarding the information in your comment stating that storing PKI inside the OpenVPN installation folder in Program Files is insecure. Sorry for ambiguity |
It is less than optimal. |
I agree it is not optimal, but you stated that it's World Readable and added the same information message to EasyRSA. |
|
I could disable the warning. Considering the minority that this may effect, I'm still good with it. Operating system security is a separate challenge. |
|
Keep the warnimg for any world readable path.
Eric F Crist
…________________________________
From: TinCanTech ***@***.***>
Sent: Saturday, October 7, 2023 6:24:13 PM
To: OpenVPN/easy-rsa ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [OpenVPN/easy-rsa] Easy-RSA failed to create temporary file (Issue #482)
I could disable the warning.
Considering the minority that this may effect, I'm still good with it.
Operating system security is a separate challenge.
—
Reply to this email directly, view it on GitHub<#482 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AANXQP7M2IIB57AOWMKPRRLX6HQB3AVCNFSM5PAGV2F2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZVGE4DKMRSGM3Q>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
I will disable |
|
@TinCanTech I have to apologize, I didn't know the term "World readable" before and didn't find something about it on the Internet before asking my question here. Now I understand the idea. It is actually a good point to log the message with recommendations to move pki to some user folder. The only thing that could be optionally done is to make the explanation a bit clearer for people like me 😅 At least to change "World readable" to "Readable by other OS users" |
|
Disabled the warning via #1033 |
It fails on install, using latest version of everything, and up to date windows install.
The text was updated successfully, but these errors were encountered: