From 610d42e6b263f9d71ad54adeda4eaefb08c4f8f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Alvergnat?= Date: Wed, 19 Jan 2022 15:39:38 +0100 Subject: [PATCH] chown/chmod client file when name match system user (#961) --- openvpn-install.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 64d8ed0..07dac57 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1097,6 +1097,7 @@ function newClient() { if [ -e "/home/${CLIENT}" ]; then # if $1 is a user name homeDir="/home/${CLIENT}" + CLIENT_OWNER="$CLIENT" elif [ "${SUDO_USER}" ]; then # if not, use SUDO_USER if [ "${SUDO_USER}" == "root" ]; then @@ -1105,11 +1106,14 @@ function newClient() { else homeDir="/home/${SUDO_USER}" fi + CLIENT_OWNER="$SUDO_USER" else # if not SUDO_USER, use /root homeDir="/root" fi + CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn" + # Determine if we use tls-auth or tls-crypt if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then TLS_SIG="1" @@ -1118,7 +1122,7 @@ function newClient() { fi # Generates the custom client.ovpn - cp /etc/openvpn/client-template.txt "$homeDir/$CLIENT.ovpn" + cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH" { echo "" cat "/etc/openvpn/easy-rsa/pki/ca.crt" @@ -1145,10 +1149,18 @@ function newClient() { echo "" ;; esac - } >>"$homeDir/$CLIENT.ovpn" + } >>"$CLIENT_FILEPATH" + + if [[ -n "$CLIENT_OWNER" ]]; then + echo "Setting owner permission for $CLIENT_FILEPATH" + CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER") + + chmod go-rw "$CLIENT_FILEPATH" + chown "$CLIENT_OWNER:$CLIENT_OWNER_GROUP" "$CLIENT_FILEPATH" + fi echo "" - echo "The configuration file has been written to $homeDir/$CLIENT.ovpn." + echo "The configuration file has been written to $CLIENT_FILEPATH." echo "Download the .ovpn file and import it in your OpenVPN client." exit 0
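Review bot: In the first hunk, `CLIENT_OWNER="$CLIENT"` is assigned whenever a path `/home/${CLIENT}` exists, which does not establish that a system account of that name exists. In that case the `id -gn "$CLIENT_OWNER"` call added later in this commit fails and the ownership change does not happen. Guarding the assignment keeps the two in step: `id -u "$CLIENT" >/dev/null 2>&1 && CLIENT_OWNER="$CLIENT"`. The enclosing `newClient` function starts and ends outside the hunk.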
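Review bot: In the second hunk, the final `else` branch (`homeDir="/root"`) never assigns `CLIENT_OWNER`, and nothing visible in the diff clears it beforehand. A value inherited from the environment or left by an earlier call would therefore decide who receives the file in the `chown` added further down. Initialise it before the `if` chain with `CLIENT_OWNER=""`, so that an empty value reliably means "keep root ownership". The start of that `if` chain is in the previous hunk.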
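Review bot: In the third hunk, `cp` creates `$CLIENT_FILEPATH` with whatever mode the process umask allows, and the block that follows appends certificate and (presumably) key material before the `chmod go-rw` added in the last hunk runs. The file can therefore be readable by other local users for a short time, and when `CLIENT_OWNER` is empty the `chmod` is skipped altogether. Creating the file restricted from the start covers both cases: `install -m 600 /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"`, or `umask 077` before the `cp`.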
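Review bot: In the last hunk, `chmod` and `chown` follow symbolic links, and `$CLIENT_FILEPATH` sits in a home directory that the non-root account can write to, so an entry already present at that path can redirect both the root-written content and the ownership change to a different file. Refuse a pre-existing link before the `cp` (`[[ -L "$CLIENT_FILEPATH" ]] && exit 1`) and use `chown -h "$CLIENT_OWNER:$CLIENT_OWNER_GROUP" "$CLIENT_FILEPATH"`. Assembling the file in a root-only directory and moving it into place afterwards would close the remaining race. The result of `id -gn "$CLIENT_OWNER"` is also unchecked, so a failed lookup leaves `CLIENT_OWNER_GROUP` empty and any `chown` error is ignored before `exit 0`.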