chown/chmod client file when name match system user (#961)

2024-12-04 14:35:31 +01:00 · 2022-01-19 15:39:38 +01:00 · 2022-01-19 15:39:38 +01:00 · 610d42e6b2
commit 610d42e6b2
parent 8c6266053b
1 changed files with 15 additions and 3 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -1097,6 +1097,7 @@ function newClient() {
 	if [ -e "/home/${CLIENT}" ]; then
 		# if $1 is a user name
 		homeDir="/home/${CLIENT}"
+		CLIENT_OWNER="$CLIENT"
 	elif [ "${SUDO_USER}" ]; then
 		# if not, use SUDO_USER
 		if [ "${SUDO_USER}" == "root" ]; then
@ -1105,11 +1106,14 @@ function newClient() {
 		else
 			homeDir="/home/${SUDO_USER}"
 		fi
+		CLIENT_OWNER="$SUDO_USER"
 	else
 		# if not SUDO_USER, use /root
 		homeDir="/root"
 	fi

+	CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn"
+
 	# Determine if we use tls-auth or tls-crypt
 	if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then
 		TLS_SIG="1"
@ -1118,7 +1122,7 @@ function newClient() {
 	fi

 	# Generates the custom client.ovpn
-	cp /etc/openvpn/client-template.txt "$homeDir/$CLIENT.ovpn"
+	cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"
 	{
 		echo "<ca>"
 		cat "/etc/openvpn/easy-rsa/pki/ca.crt"
@ -1145,10 +1149,18 @@ function newClient() {
 			echo "</tls-auth>"
 			;;
 		esac
-	} >>"$homeDir/$CLIENT.ovpn"
+	} >>"$CLIENT_FILEPATH"
+
+	if [[ -n "$CLIENT_OWNER" ]]; then
+		echo "Setting owner permission for $CLIENT_FILEPATH"
+		CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER")
+
+		chmod go-rw "$CLIENT_FILEPATH"
+		chown "$CLIENT_OWNER:$CLIENT_OWNER_GROUP" "$CLIENT_FILEPATH"
+	fi

 	echo ""
-	echo "The configuration file has been written to $homeDir/$CLIENT.ovpn."
+	echo "The configuration file has been written to $CLIENT_FILEPATH."
 	echo "Download the .ovpn file and import it in your OpenVPN client."

 	exit 0