-
-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chown crl.pem to nobody on revoke #47
Conversation
openvpn-install.sh
Outdated
@@ -133,6 +133,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then | |||
rm -rf pki/issued/$CLIENT.crt | |||
rm -rf /etc/openvpn/crl.pem | |||
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem | |||
chmod nobody:nobody /etc/openvpn/crl.pem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be better to use instead chmod nobody:$NOGROUP /etc/openvpn/crl.pem
but
# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup
else
NOGROUP=nobody
fi
from here should be moved on the top of the script
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moreover, I think it's chown
, not chmod
, doesn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Much better!
- I'm an idiot - the irony is on my local (not git) script I actually did use chown...
Excuse my newbness - do I change my patch, or do you just submit your own? how does this work?
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should change your patch or this owner of this repo can.
I'm not the owner so I can't push code on this repo.
So the best way is you change your patch :)
Thank you
Did the change - hopefully I did it correctly :) Thank you @Kcchouette for your assistance, and advice! |
I'm gonna try it! |
Have you tried it, @Bashilor ? |
@Kcchouette : I had done it and it proved go to /etc/openvpn then make chown nobody crl.pem |
I tested using @tes5884 fork, but after the installation, crl.pem is still owned by root:root. I'm searching what is wrong |
Oh, ok. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, you should replace that by chown nobody:$NOGROUP /etc/openvpn/crl.pem
, shouldn't you?
What ? |
Replace |
This is a patch for Issue #25.
Apologies if I didn't format things correctly, this is my first time doing a pull request.
Thanks