I'm wondering if there's a way to use 'suid' for the Cisco vpnclient. I see discussion on the web regarding versions that had the bit set by default. I'm using v4.8.00 (0490), and when I try to set either the suid or sgid bits I get the following error:
Has this been disabled by Cisco as a security issue or something?
vpnclient cannot have setuid or setgid permissions.
When I run it as user I get:
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 220.127.116.11-21.11-default #1 Thu Feb 2 20:54:26 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
privsep: unable to drop privileges: group set failed.
The application was unable to communicate with the VPN sub-system.
You should set the suid bit of cvpnd instead of vpnclient:
# chmod 4111 /opt/cisco-vpnclient/bin/cvpnd
My Blog: http://ahlamnote.blogspot.com/
I got the same message after installing the client on OpenSUSE 10.2 and trying to start the client. Running 'chmod 4111 /opt/cisco-vpnclient/bin/cvpnd' (as root) resolved the problem. Thanks.