From ad466f872834b77877c4b2a806ad4944efad61ae Mon Sep 17 00:00:00 2001
From: 4s3ti <cfcolaco@colacoweb.net>
Date: Sun, 1 Sep 2019 16:10:53 +0200
Subject: [PATCH] Permissions hardening and Standardization

---
 auto_install/install.sh | 4 ++--
 scripts/makeOVPN.sh     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/auto_install/install.sh b/auto_install/install.sh
index bedbb8e..93fef2e 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -399,7 +399,7 @@ installScripts() {
     if [ ! -d /opt/pivpn ]; then
         $SUDO mkdir /opt/pivpn
         $SUDO chown "$pivpnUser":root /opt/pivpn
-        $SUDO chmod u+srwx /opt/pivpn
+        $SUDO chmod 0755 /opt/pivpn
     fi
     $SUDO cp /etc/.pivpn/scripts/makeOVPN.sh /opt/pivpn/makeOVPN.sh
     $SUDO cp /etc/.pivpn/scripts/clientStat.sh /opt/pivpn/clientStat.sh
@@ -1135,7 +1135,7 @@ confOVPN() {
 	if [ ! -d "$INSTALL_HOME/ovpns" ]; then
         $SUDO mkdir "$INSTALL_HOME/ovpns"
     fi
-    $SUDO chmod 0777 -R "$INSTALL_HOME/ovpns"
+    $SUDO chmod 0750 -R "$INSTALL_HOME/ovpns"
 }
 
 confLogging() {
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index 29605eb..2ec45b2 100755
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -381,7 +381,7 @@ fi
 
 if [ ! -d "/home/$INSTALL_USER/ovpns" ]; then
     mkdir "/home/$INSTALL_USER/ovpns"
-    chmod 0777 -R "/home/$INSTALL_USER/ovpns"
+    chmod 0750 "/home/$INSTALL_USER/ovpns"
 fi
 
 # If user is using Bitwarden, have them login again to submit their .ovpn file to their vault