Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed chmod to chown, and check for nobody group

Browse source
This commit is contained in:
Tzvi Spitz 2017-03-29 11:01:10 -04:00 committed by GitHub
parent bb22c4f158
commit 76548b0089
1 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
openvpn-install.sh
View file

@ -81,6 +81,13 @@ if [[ "$IP" = "" ]]; then
IP=$(wget -qO- ipv4.icanhazip.com) IP=$(wget -qO- ipv4.icanhazip.com)
fi fi
# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup
else
NOGROUP=nobody
fi
if [[ -e /etc/openvpn/server.conf ]]; then if [[ -e /etc/openvpn/server.conf ]]; then
while : while :
do do
@ -133,7 +140,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
rm -rf pki/issued/$CLIENT.crt rm -rf pki/issued/$CLIENT.crt
rm -rf /etc/openvpn/crl.pem rm -rf /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chmod nobody:nobody /etc/openvpn/crl.pem chown nobody:$NOGROUP /etc/openvpn/crl.pem
echo "" echo ""
echo "Certificate for client $CLIENT revoked" echo "Certificate for client $CLIENT revoked"
echo "Exiting..." echo "Exiting..."
@ -381,13 +388,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
systemctl start iptables systemctl start iptables
fi fi
fi fi
# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup
else
NOGROUP=nobody
fi
# An old version of easy-rsa was available by default in some openvpn packages # An old version of easy-rsa was available by default in some openvpn packages
if [[ -d /etc/openvpn/easy-rsa/ ]]; then if [[ -d /etc/openvpn/easy-rsa/ ]]; then
rm -rf /etc/openvpn/easy-rsa/ rm -rf /etc/openvpn/easy-rsa/