chown crl.pem to nobody on revoke

[tes5884]

This is a patch for Issue #25.

Apologies if I didn't format things correctly, this is my first time doing a pull request.

Thanks

[Kcchouette]

It would be better to use instead chmod nobody:$NOGROUP /etc/openvpn/crl.pem but

# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
        NOGROUP=nogroup
else
       	NOGROUP=nobody
fi

from here should be moved on the top of the script

[Kcchouette]

Moreover, I think it's chown, not chmod, doesn't it?

[tes5884]

1. Much better!
2. I'm an idiot - the irony is on my local (not git) script I actually did use chown...

Excuse my newbness - do I change my patch, or do you just submit your own? how does this work?

Thanks!

[Kcchouette]

You should change your patch or this owner of this repo can.
I'm not the owner so I can't push code on this repo.

So the best way is you change your patch :)

Thank you

[tes5884]

Did the change - hopefully I did it correctly :)

Thank you @Kcchouette for your assistance, and advice!

[robiiinos]

I'm gonna try it!
Before your PR, I did a pretty same correction on my side to make it works.

[Kcchouette]

Have you tried it, @Bashilor ?

[chocolateshirt]

@Kcchouette : I had done it and it proved

go to /etc/openvpn

then make chown nobody crl.pem

[angristan]

I tested using @tes5884 fork, but after the installation, crl.pem is still owned by root:root. I'm searching what is wrong

[angristan]

Oh, ok.
Why do you put chown nobody:$NOGROUP /etc/openvpn/crl.pem after revoking the client ? Shouldn't it be when installing OpenVPN ?

[Kcchouette]

Indeed, you should replace that by chown nobody:$NOGROUP /etc/openvpn/crl.pem, shouldn't you?

[angristan]

What ?

[Kcchouette]

Replace chmod 644 /etc/openvpn/crl.pem by chown nobody:$NOGROUP /etc/openvpn/crl.pem (or adding it after) here?