network-manager-openvpn does not allow you to make openvpn drop privileges

A further enhancement could be the creation of such a user if they don't exist when the package is installed. After all having user and group openvpn is preferable to simply nobody for logs etc. Perhaps the privilege drop could be incorporated by default?

Il

With network-manager-openvpn, the process is launched with the current user, not root powered. I'm nut sure I see the point of wanting to have yet another user just for this.

Status changed to 'Confirmed' because the bug affects multiple users.

I noticed this today and I'm astounded this reported bug from 2008 still exists this day. It's good decency and a good security practice for a program to drop root privileges after it's no longer needed, I can't understand why network manager does not enable openvpn to do this.

And no you don't need to create another user account for this. Example of networkmanager running openvpn (with some obfuscated details):
marvink@Desktop:~/keys/openvpn$ ps -ef | grep openvpn
root 11184 909 0 23:31 ? 00:00:00 /usr/lib/NetworkManager/nm-openvpn-service
root 11187 11184 0 23:31 ? 00:00:00 /usr/sbin/openvpn --remote {IP} --comp-lzo --nobind --dev tun --proto udp --port 1194 --auth-nocache --tls-auth {ta.key} 1 --syslog nm-openvpn --script-security 2 --up /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --up-restart --persist-key --persist-tun --management 127.0.0.1 1194 --management-query-passwords --route-noexec --ifconfig-noexec --client --ca {ca.crt} --cert {my.crt} --key {my.key}

me running openvpn manually:
marvink@Desktop:~/keys/openvpn$ ps -ef | grep openvpn
nobody 11920 2707 0 23:47 ? 00:00:00 /usr/sbin/openvpn --config {myconfig.ovpn}

Notice the own of the job, in NetworkManagers case it's root and with my own command it's 'nobody' while I used the same config file in both cases.