From 8b40035bf571cf030109111d9fe5290ffa453477 Mon Sep 17 00:00:00 2001
From: Douglas Orend <43975081+douglasorend@users.noreply.github.com>
Date: Tue, 13 Aug 2019 11:23:08 -0500
Subject: [PATCH 1/3] Properly determine user's home directory
Code assumes that the specified user directory is under /home. This code parses the /etc/passwd file in order to determine what that user's proper home directory is.
---
 auto_install/install.sh | 7 ++++---
 scripts/makeOVPN.sh | 9 +++++----
 scripts/removeOVPN.sh | 3 ++-
 scripts/uninstall.sh | 3 ++-
 4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 59a3c3b..e6e631c 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -1055,10 +1055,11 @@ confOVPN() {
 # verify server name to strengthen security
 $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/pki/Default.txt
- if [ ! -d "/home/$pivpnUser/ovpns" ]; then
- $SUDO mkdir "/home/$pivpnUser/ovpns"
+ INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
+ if [ ! -d "$INSTALL_HOME/ovpns" ]; then
+ $SUDO mkdir "$INSTALL_HOME/ovpns"
 fi
- $SUDO chmod 0777 -R "/home/$pivpnUser/ovpns"
+ $SUDO chmod 0777 -R "$INSTALL_HOME/ovpns"
 }
 confLogging() {
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index 0a571b4..99be815 100755
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
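Review bot: The new lookup `grep "$INSTALL_USER"` in the install.sh hunk is an unanchored substring match over whole /etc/passwd lines, so a short user name also matches any other account or comment field that contains it and `INSTALL_HOME` can end up holding several paths. It also filters on `$INSTALL_USER` while the removed lines used `$pivpnUser`; whether `INSTALL_USER` is set at this point in install.sh is not visible in the hunk (confOVPN starts outside it), and with an empty pattern every account matches. I would resolve exactly one entry and stop when nothing comes back, using whichever variable is actually set here: `INSTALL_HOME=$(getent passwd "$pivpnUser" | cut -d: -f6)` followed by `[ -n "$INSTALL_HOME" ] || exit 1`. The same `cat /etc/passwd | grep` line is repeated in the makeOVPN.sh, removeOVPN.sh and uninstall.sh hunks of this patch and needs the same change there.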
@@ -269,15 +269,16 @@ echo "tls-auth Private Key found: $TA"
 } > "${NAME}${FILEEXT}"
 # Copy the .ovpn profile to the home directory for convenient remote access
-cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
-chown "$INSTALL_USER" "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
+INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
+cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
+chown "$INSTALL_HOME" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 chmod o-r "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
-chmod o-r "/home/$INSTALL_USER/ovpns/$NAME$FILEEXT"
+chmod o-r "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 printf "\n\n"
 printf "========================================================\n"
 printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT"
 printf "%s was copied to:\n" "$NAME$FILEEXT"
-printf " /home/%s/ovpns\n" "$INSTALL_USER"
+printf " %s/ovpns\n" "$INSTALL_HOME"
 printf "for easy transfer. Please use this profile only on one\n"
 printf "device and create additional profiles for other devices.\n"
 printf "========================================================\n\n"
diff --git a/scripts/removeOVPN.sh b/scripts/removeOVPN.sh
index 4438d98..f6bd09c 100755
--- a/scripts/removeOVPN.sh
+++ b/scripts/removeOVPN.sh
@@ -104,6 +104,7 @@ fi
 cd /etc/openvpn/easy-rsa || exit
+INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
 printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}"
 ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}"
@@ -113,7 +114,7 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
 rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
 rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key"
 rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
- rm -rf "/home/${INSTALL_USER}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
+ rm -rf "${INSTALL_HOME}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
 rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn"
 cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
 done
diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index 99192aa..2053645 100755
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -17,6 +17,7 @@ else
 fi
 INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
+INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 PLAT=$(cat /etc/pivpn/DET_PLATFORM)
 NO_UFW=$(cat /etc/pivpn/NO_UFW)
 PORT=$(cat /etc/pivpn/INSTALL_PORT)
@@ -83,7 +84,7 @@ echo ":::"
 echo "::: Removing pivpn system files..."
 $SUDO rm -rf /opt/pivpn &> /dev/null
 $SUDO rm -rf /etc/.pivpn &> /dev/null
- $SUDO rm -rf /home/$INSTALL_USER/ovpns &> /dev/null
+ $SUDO rm -rf $INSTALL_HOME/ovpns &> /dev/null
 $SUDO rm -rf /var/log/*pivpn* &> /dev/null
 $SUDO rm -rf /var/log/*openvpn* &> /dev/null
From 44e1f4885683a7bb59fbdfdb9e65eda8020a6676 Mon Sep 17 00:00:00 2001
From: Douglas Orend <43975081+douglasorend@users.noreply.github.com>
Date: Tue, 20 Aug 2019 09:02:31 -0500
Subject: [PATCH 2/3] Update makeOVPN.sh
Fixed ownership line to use only username, not install path.
---
 scripts/makeOVPN.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index 99be815..d4ce274 100755
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
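Review bot: In the second uninstall.sh hunk the new `$SUDO rm -rf $INSTALL_HOME/ovpns` is unquoted and unguarded, and `INSTALL_HOME` comes from the unanchored `grep "$INSTALL_USER"` added in the first hunk of the same file. If that lookup returns more than one line, word splitting hands the first home directory to `rm -rf` as an argument of its own, and if it returns nothing the command targets `/ovpns`; the `&> /dev/null` hides either outcome. Quote the path and abort on an empty value, `$SUDO rm -rf -- "${INSTALL_HOME:?}/ovpns" &> /dev/null`, and make the lookup yield exactly one entry, for example `getent passwd "$INSTALL_USER" | cut -d: -f6`. The removeOVPN.sh hunk on this page quotes its path but depends on a single-line `INSTALL_HOME` in the same way.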
@@ -271,7 +271,7 @@ echo "tls-auth Private Key found: $TA"
 # Copy the .ovpn profile to the home directory for convenient remote access
 INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
-chown "$INSTALL_HOME" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
+chown "$INSTALL_USER" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 chmod o-r "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
 chmod o-r "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 printf "\n\n"
From 371e65444b9230a61a03dfefb8e8d9731d640886 Mon Sep 17 00:00:00 2001
From: Douglas Orend <43975081+douglasorend@users.noreply.github.com>
Date: Wed, 21 Aug 2019 19:25:32 -0500
Subject: [PATCH 3/3] Update makeOVPN.sh
---
 scripts/makeOVPN.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index d4ce274..e937475 100755
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -272,8 +272,8 @@ echo "tls-auth Private Key found: $TA"
 INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 chown "$INSTALL_USER" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
-chmod o-r "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
-chmod o-r "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
+chmod 640 "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
+chmod 640 "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 printf "\n\n"
 printf "========================================================\n"
 printf "\e[1mDone! %s successfully created!\e[0m \n" "$NAME$FILEEXT"
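Review bot: In the [PATCH 3/3] hunk `chmod 640` runs only after `cp` and `chown`, so the copied profile first exists with whatever mode the umask gives it, inside a directory that install.sh sets to `0777 -R`, and 640 still leaves it readable by the file's group. If the .ovpn profile embeds key material, as the `tls-auth Private Key found` context line suggests, create the copy with its final owner and mode in one step, e.g. `install -m 600 -o "$INSTALL_USER" "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"`, keeping 640 only if group read is actually needed. The commit message `Update makeOVPN.sh` gives no reason for the mode change; one line saying why `o-r` was not enough would help later readers.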