Hello, I have a routine script that is used to transfer a group of files to many hosts. Some of these hosts require a VPN connection. Each VPN connection is different. I am using openconnect to automate this. The basic flow is something like: * Establish VPN connection * Wait for VPN connection to finish * Transfer files * Disconnect VPN * Wait for disconnect to finish I have hit a few stumbling blocks, and so am looking for advice on best practices for using openconnect in this manner. I noticed I was unable to establish a VPN connection unless root. This makes sense, but is unfortunate as now I am using sudo to establish the connection. From what I can tell, this has the unfortunate side effect that I must now be root to send the TERM signal. This would be less than ideal as granting my user sudo access to kill seems questionable. I then noticed the --setuid option. By using this I can kill the VPN connection as a normal user. However, after using setuid, there are shutdown errors and warnings. Is this normal or a bug? How should I use this option effectively? What is the best way to handle a script run by a normal user, but still able to establish the VPN connection. I want to limit the use of sudo and root as much as possible. Thanks for any help, Jon
