diff options
author | Ivan Alejandro <ivanalejandro0@gmail.com> | 2015-01-07 18:49:26 -0300 |
---|---|---|
committer | Ivan Alejandro <ivanalejandro0@gmail.com> | 2015-01-08 12:59:49 -0300 |
commit | e046eeb7355a2ce3856eedee08bbc3d73ed7bbaa (patch) | |
tree | 64172447e4c5587f2ff4140605232b05066aba36 /pkg/linux/bitmask-root | |
parent | b9326cfceb304cebeb97017ebb8d22ba06f98f75 (diff) |
Support for 'nobody' (used on Arch) group name.
Diffstat (limited to 'pkg/linux/bitmask-root')
-rwxr-xr-x | pkg/linux/bitmask-root | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 622a0b8a..6fb1f0b3 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output # CONSTANTS # -VERSION = "4" + +def get_no_group_name(): + """ + Return the right group name to use for the current OS. + Examples: + - Ubuntu: nogroup + - Arch: nobody + + :rtype: str or None + """ + import grp + try: + grp.getgrnam('nobody') + return 'nobody' + except KeyError: + try: + grp.getgrnam('nogroup') + return 'nogroup' + except KeyError: + return None + + +VERSION = "5" SCRIPT = "bitmask-root" NAMESERVER = "10.42.0.1" BITMASK_CHAIN = "bitmask" @@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables" IP6TABLES = "/sbin/ip6tables" OPENVPN_USER = "nobody" -OPENVPN_GROUP = "nogroup" +OPENVPN_GROUP = get_no_group_name() LEAPOPENVPN = "LEAPOPENVPN" OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle @@ -83,10 +105,12 @@ FIXED_FLAGS = [ "--management-signal", "--script-security", "1", "--user", "nobody", - "--group", "nogroup", "--remap-usr1", "SIGTERM", ] +if OPENVPN_GROUP is not None: + FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], |