[osx] don't drop privieleges

The script client.down.sh needs to be run as root. As long as we don't
implement another way to execute it from the helper let's not drop
privileges on OSX.

- Resolves: #23

3 files changed, 5 insertions, 7 deletions

diff --git a/helper/args.go b/helper/args.go
index 2a60d9d..f6f4ced 100644
--- a/helper/args.go
+++ b/helper/args.go
@@ -9,9 +9,7 @@ import (
 )
 
 const (
-	openvpnUser  = "nobody"
-	openvpnGroup = "nobody"
-	nameserver   = "10.42.0.1"
+	nameserver = "10.42.0.1"
 )
 
 var (
@@ -22,8 +20,6 @@ var (
 		"--tls-client",
 		"--remote-cert-tls", "server",
 		"--dhcp-option", "DNS", nameserver,
-		"--user", openvpnUser,
-		"--group", openvpnGroup,
 		"--log", logFolder + "openvpn.log",
 	}
 
diff --git a/helper/darwin.go b/helper/darwin.go
index 34af01e..10bab31 100644
--- a/helper/darwin.go
+++ b/helper/darwin.go
@@ -85,8 +85,6 @@ func getOpenvpnPath() string {
 	return openvpnPath
 }
 
-// TODO -- pass extra args to start_openvpn with --up and --down scripts
-
 func kill(cmd *exec.Cmd) error {
 	return cmd.Process.Signal(os.Interrupt)
 }
diff --git a/helper/linux.go b/helper/linux.go
index 3817989..4273578 100644
--- a/helper/linux.go
+++ b/helper/linux.go
@@ -23,6 +23,8 @@ import (
 )
 
 const (
+	openvpnUser       = "nobody"
+	openvpnGroup      = "nogroup"
 	logFolder         = "/var/log/"
 	systemOpenvpnPath = "/usr/sbin/openvpn"
 	snapOpenvpnPath   = "/snap/bin/riseup-vpn.openvpn"
@@ -31,6 +33,8 @@ const (
 var (
 	platformOpenvpnFlags = []string{
 		"--script-security", "1",
+		"--user", openvpnUser,
+		"--group", openvpnGroup,
 	}
 )