debian openvpn has dedicated user and group, so rather use those than nobody:nogroup (as do _many_ other packages and thus all having access to such owned files).

Signed-off-by: corbolais <corbolais@gmail.com>

auto_install/install.sh

@@ -14,6 +14,8 @@
 setupVars=/etc/pivpn/setupVars.conf
 pivpnFilesDir="/etc/.pivpn"
 
+debianOvpnUserGroup="openvpn:openvpn"
+
 ### PKG Vars ###
 PKG_MANAGER="apt-get"
 PKG_CACHE="/var/lib/apt/lists/"
@@ -1290,7 +1292,11 @@ set_var EASYRSA_KEY_SIZE   ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
 	# Generate an empty Certificate Revocation List
 	${SUDOE} ./easyrsa gen-crl
 	${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
-	${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem
+  if test "${PLAT}" = "Debian"; then
+		${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
+  else
+		${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem
+  fi
 
 	# Write config file for server using the template.txt file
 	$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf