chown/chmod client file when name match system user (angristan#961)

Toilal · Jan 19, 2022 · 1dcd1ce · 1dcd1ce
1 parent 8c62660
commit 1dcd1ce
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/openvpn-install.sh b/openvpn-install.sh
@@ -1097,6 +1097,7 @@ function newClient() {
 	if [ -e "/home/${CLIENT}" ]; then
 		# if $1 is a user name
 		homeDir="/home/${CLIENT}"
+		CLIENT_OWNER="$CLIENT"
 	elif [ "${SUDO_USER}" ]; then
 		# if not, use SUDO_USER
 		if [ "${SUDO_USER}" == "root" ]; then
@@ -1105,11 +1106,14 @@ function newClient() {
 		else
 			homeDir="/home/${SUDO_USER}"
 		fi
+		CLIENT_OWNER="$SUDO_USER"
 	else
 		# if not SUDO_USER, use /root
 		homeDir="/root"
 	fi
 
+	CLIENT_FILEPATH = "$homeDir/$CLIENT.ovpn"
+
 	# Determine if we use tls-auth or tls-crypt
 	if grep -qs "^tls-crypt" /etc/openvpn/server.conf; then
 		TLS_SIG="1"
@@ -1118,7 +1122,7 @@ function newClient() {
 	fi
 
 	# Generates the custom client.ovpn
-	cp /etc/openvpn/client-template.txt "$homeDir/$CLIENT.ovpn"
+	cp /etc/openvpn/client-template.txt "$CLIENT_FILEPATH"
 	{
 		echo "<ca>"
 		cat "/etc/openvpn/easy-rsa/pki/ca.crt"
@@ -1145,10 +1149,16 @@ function newClient() {
 			echo "</tls-auth>"
 			;;
 		esac
-	} >>"$homeDir/$CLIENT.ovpn"
+	} >>"$CLIENT_FILEPATH"
+
+	if [[ ! -z "$CLIENT_OWNER" ]]; then
+		echo "Setting owner permission for $CLIENT_FILEPATH"
+		chmod go-rw "$CLIENT_FILEPATH"
+		chown "$CLIENT_OWNER" "$CLIENT_FILEPATH"
+	fi
 
 	echo ""
-	echo "The configuration file has been written to $homeDir/$CLIENT.ovpn."
+	echo "The configuration file has been written to $CLIENT_FILEPATH."
 	echo "Download the .ovpn file and import it in your OpenVPN client."
 
 	exit 0