forked from bubuntux/nordvpn
-
Notifications
You must be signed in to change notification settings - Fork 19
Permissions
Alexander Zinchenko edited this page Mar 29, 2026
·
4 revisions
The container runs OpenVPN as a dedicated nordvpn user and group. You can control the UID and GID of this user with environment variables.
| Variable | Default | Description |
|---|---|---|
PUID |
912 |
User ID for the nordvpn user |
PGID |
912 |
Group ID for the nordvpn group |
If you mount host volumes into containers that share the VPN's network namespace, OpenVPN (running as UID 912) may not have permission to read/write those files. Setting PUID and PGID to match your host user avoids permission issues.
id -u # your UID
id -g # your GIDdocker run -d --cap-add=NET_ADMIN --device /dev/net/tun \
-e USER=service_username -e PASS=service_password \
-e PUID=1000 -e PGID=1000 \
azinchen/nordvpnservices:
vpn:
image: azinchen/nordvpn:latest
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
environment:
- USER=service_username
- PASS=service_password
- PUID=1000
- PGID=1000During container startup, the init-adduser service:
- Checks the current UID/GID of the
nordvpnuser - If they don't match
PUID/PGID, updates them withusermod/groupmod - The credentials file (
/run/xt/auth) is then created with ownership set tonordvpn:nordvpn
This runs before OpenVPN starts, so the VPN process inherits the correct identity.
Configuration
- Server Selection
- Server Groups
- Technologies
- IPv6 Configuration
- Automatic Reconnection
- Local Network Access
- VPN Gateway Mode
- OpenVPN Options
- Custom DNS
- Permissions
Security
Examples
Operations
Reference