Merge 1182e98aed0ec0113ece9d345997c1559351595e into e2d4990ae194e37fd5162168a8aac5e2d89e0e8d

openvpn-install.sh

@@ -1129,10 +1129,12 @@ function newClient() {
 		echo "Client $CLIENT added."
 	fi
 
+	if [[ -z "$CLIENT_FILEPATH" ]]; then
 		# Home directory of the user, where the client configuration will be written
 		if [ -e "/home/${CLIENT}" ]; then
 			# if $1 is a user name
 			homeDir="/home/${CLIENT}"
+			CLIENT_OWNER="$CLIENT"
 		elif [ "${SUDO_USER}" ]; then
 			# if not, use SUDO_USER
 			if [ "${SUDO_USER}" == "root" ]; then
@@ -1141,11 +1143,15 @@ function newClient() {
 			else
 				homeDir="/home/${SUDO_USER}"
 			fi
+			CLIENT_OWNER="$SUDO_USER"
 		else
 			# if not SUDO_USER, use /root
 			homeDir="/root"
 		fi
 
+		CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn"
+	fi
+
 	# Determine if we use tls-auth or tls-crypt
 	if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then
 		TLS_SIG="1"
@@ -1154,7 +1160,7 @@ function newClient() {
 	fi
 
 	# Generates the custom client.ovpn
-	cp /etc/openvpn/client-template.txt "$homeDir/$CLIENT.ovpn"
+	cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"
 	{
 		echo "<ca>"
 		cat "/etc/openvpn/easy-rsa/pki/ca.crt"
@@ -1181,10 +1187,18 @@ function newClient() {
 			echo "</tls-auth>"
 			;;
 		esac
-	} >>"$homeDir/$CLIENT.ovpn"
+	} >>"$CLIENT_FILEPATH"
+
+	if [[ -n "$CLIENT_OWNER" ]]; then
+		echo "Setting owner permission for $CLIENT_FILEPATH"
+		CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER")
+
+		chmod go-rw "$CLIENT_FILEPATH"
+		chown "$CLIENT_OWNER:$CLIENT_OWNER_GROUP" "$CLIENT_FILEPATH"
+	fi
 
 	echo ""
-	echo "The configuration file has been written to $homeDir/$CLIENT.ovpn."
+	echo "The configuration file has been written to $CLIENT_FILEPATH."
 	echo "Download the .ovpn file and import it in your OpenVPN client."
 
 	exit 0