debian openvpn has dedicated user and group, so rather use those than nobody:nogroup (as do _many_ other packages and thus all having access to such owned files).

Signed-off-by: corbolais <corbolais@gmail.com>
This commit is contained in:
corbolais 2019-12-08 16:39:46 +01:00
parent 4466f1503c
commit 8affc9a313

View file

@ -14,6 +14,8 @@
setupVars=/etc/pivpn/setupVars.conf
pivpnFilesDir="/etc/.pivpn"
debianOvpnUserGroup="openvpn:openvpn"
### PKG Vars ###
PKG_MANAGER="apt-get"
PKG_CACHE="/var/lib/apt/lists/"
@ -1290,7 +1292,11 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
# Generate an empty Certificate Revocation List
${SUDOE} ./easyrsa gen-crl
${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
if test "${PLAT}" = "Debian"; then
${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
else
${SUDOE} chown nobody:nogroup /etc/openvpn/crl.pem
fi
# Write config file for server using the template.txt file
$SUDO cp /etc/.pivpn/server_config.txt /etc/openvpn/server.conf