From 610d42e6b263f9d71ad54adeda4eaefb08c4f8f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Alvergnat?=
Date: Wed, 19 Jan 2022 15:39:38 +0100
Subject: [PATCH 1/2] chown/chmod client file when name match system user (#961)

---
 openvpn-install.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 64d8ed09..07dac57e 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -1097,6 +1097,7 @@ function newClient() {
 if [ -e "/home/${CLIENT}" ]; then
 # if $1 is a user name
 homeDir="/home/${CLIENT}"
+ CLIENT_OWNER="$CLIENT"
 elif [ "${SUDO_USER}" ]; then
 # if not, use SUDO_USER
 if [ "${SUDO_USER}" == "root" ]; then
@@ -1105,11 +1106,14 @@ function newClient() {
 else
 homeDir="/home/${SUDO_USER}"
 fi
+ CLIENT_OWNER="$SUDO_USER"
 else
 # if not SUDO_USER, use /root
 homeDir="/root"
 fi
 
+ CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn"
+
 # Determine if we use tls-auth or tls-crypt
 if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then
 TLS_SIG="1"
@@ -1118,7 +1122,7 @@ function newClient() {
 fi
 
 # Generates the custom client.ovpn
- cp /etc/openvpn/client-template.txt "$homeDir/$CLIENT.ovpn"
+ cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"
 {
 echo ""
 cat "/etc/openvpn/easy-rsa/pki/ca.crt"
@@ -1145,10 +1149,18 @@ function newClient() {
 echo ""
 ;;
 esac
- } >>"$homeDir/$CLIENT.ovpn"
+ } >>"$CLIENT_FILEPATH"
+
+ if [[ -n "$CLIENT_OWNER" ]]; then
+ echo "Setting owner permission for $CLIENT_FILEPATH"
+ CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER")
+
+ chmod go-rw "$CLIENT_FILEPATH"
+ chown "$CLIENT_OWNER:$CLIENT_OWNER_GROUP" "$CLIENT_FILEPATH"
+ fi
 
 echo ""
- echo "The configuration file has been written to $homeDir/$CLIENT.ovpn."
+ echo "The configuration file has been written to $CLIENT_FILEPATH."
 echo "Download the .ovpn file and import it in your OpenVPN client."
 
 exit 0
From 1182e98aed0ec0113ece9d345997c1559351595e Mon Sep 17 00:00:00 2001
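Review bot: `CLIENT_OWNER="$CLIENT"` is the first assignment to a variable that is never cleared before this if/elif chain, so when neither this branch nor the `CLIENT_OWNER="$SUDO_USER"` branch of the next hunk runs (the `/root` case), any CLIENT_OWNER already present in the environment survives and is fed to the later `chown`; add `CLIENT_OWNER=""` just before `if [ -e "/home/${CLIENT}" ]; then`. The branch condition also treats an existing `/home/$CLIENT` directory as proof that a system user `$CLIENT` exists, which a leftover home directory does not guarantee; `id -u "$CLIENT" >/dev/null 2>&1` tests the property the commit actually depends on. The enclosing newClient() function starts before this hunk and continues after it.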
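Review bot: `cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"` still creates the client file with the template's mode filtered by root's umask, and the certificate and private key are appended to it before the `chmod go-rw` added in the last hunk runs, so the key is briefly readable by other local users and, when no owner could be determined, stays that way because that chmod is conditional. Creating the file with a restrictive mode from the start closes the window regardless of which ownership branch was taken: `install -m 600 /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"`. The rest of newClient() lies outside this hunk.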
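Review bot: The result of `CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER")` is not checked, so for a CLIENT_OWNER that is not a real account (possible because the earlier branch only tested that `/home/$CLIENT` exists) the group is empty, the `chown` fails, and unless the script runs under `set -e` (not visible here) the function still prints the success message and reaches `exit 0`. Guard the lookup, e.g. `CLIENT_OWNER_GROUP=$(id -gn "$CLIENT_OWNER") || { echo "Cannot resolve user $CLIENT_OWNER" >&2; exit 1; }`, or drop the variable, let `chown "$CLIENT_OWNER:" "$CLIENT_FILEPATH"` pick the login group, and check its status. `chmod go-rw` also leaves any execute bits the copy inherited in place; `chmod 600 "$CLIENT_FILEPATH"` states the intended mode directly. newClient() closes after this hunk.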
From: =?UTF-8?q?R=C3=A9mi=20Alvergnat?=
Date: Wed, 19 Jan 2022 15:57:19 +0100
Subject: [PATCH 2/2] add CLIENT_FILEPATH environment variable support

This environment variable can be set to customize destination of .ovpn file to generate. If defined, it should contain the full path of the file to generate.
---
 openvpn-install.sh | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 07dac57e..dbc255b7 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -1093,26 +1093,28 @@ function newClient() {
 echo "Client $CLIENT added."
 fi
 
- # Home directory of the user, where the client configuration will be written
- if [ -e "/home/${CLIENT}" ]; then
- # if $1 is a user name
- homeDir="/home/${CLIENT}"
- CLIENT_OWNER="$CLIENT"
- elif [ "${SUDO_USER}" ]; then
- # if not, use SUDO_USER
- if [ "${SUDO_USER}" == "root" ]; then
- # If running sudo as root
- homeDir="/root"
+ if [[ -z "$CLIENT_FILEPATH" ]]; then
+ # Home directory of the user, where the client configuration will be written
+ if [ -e "/home/${CLIENT}" ]; then
+ # if $1 is a user name
+ homeDir="/home/${CLIENT}"
+ CLIENT_OWNER="$CLIENT"
+ elif [ "${SUDO_USER}" ]; then
+ # if not, use SUDO_USER
+ if [ "${SUDO_USER}" == "root" ]; then
+ # If running sudo as root
+ homeDir="/root"
+ else
+ homeDir="/home/${SUDO_USER}"
+ fi
+ CLIENT_OWNER="$SUDO_USER"
 else
- homeDir="/home/${SUDO_USER}"
+ # if not SUDO_USER, use /root
+ homeDir="/root"
 fi
- CLIENT_OWNER="$SUDO_USER"
- else
- # if not SUDO_USER, use /root
- homeDir="/root"
- fi
- CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn"
+ CLIENT_FILEPATH="$homeDir/$CLIENT.ovpn"
+ fi
 
 # Determine if we use tls-auth or tls-crypt
 if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then