diff options
author | Ruben Pollan <meskio@sindominio.net> | 2018-08-23 18:13:58 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2018-08-23 18:13:58 +0200 |
commit | 15fd1551b8c8fb2bc2430ef99823e4135e0c5f0e (patch) | |
tree | 2d87577abb040d3d1368ad11fce146a7bfd05f12 /helper | |
parent | 6b6b58e2d05bb2d303babbcf18bfda26c9c2b163 (diff) |
[osx] don't drop privieleges
The script client.down.sh needs to be run as root. As long as we don't
implement another way to execute it from the helper let's not drop
privileges on OSX.
- Resolves: #23
Diffstat (limited to 'helper')
-rw-r--r-- | helper/args.go | 6 | ||||
-rw-r--r-- | helper/darwin.go | 2 | ||||
-rw-r--r-- | helper/linux.go | 4 |
3 files changed, 5 insertions, 7 deletions
diff --git a/helper/args.go b/helper/args.go index 2a60d9d..f6f4ced 100644 --- a/helper/args.go +++ b/helper/args.go @@ -9,9 +9,7 @@ import ( ) const ( - openvpnUser = "nobody" - openvpnGroup = "nobody" - nameserver = "10.42.0.1" + nameserver = "10.42.0.1" ) var ( @@ -22,8 +20,6 @@ var ( "--tls-client", "--remote-cert-tls", "server", "--dhcp-option", "DNS", nameserver, - "--user", openvpnUser, - "--group", openvpnGroup, "--log", logFolder + "openvpn.log", } diff --git a/helper/darwin.go b/helper/darwin.go index 34af01e..10bab31 100644 --- a/helper/darwin.go +++ b/helper/darwin.go @@ -85,8 +85,6 @@ func getOpenvpnPath() string { return openvpnPath } -// TODO -- pass extra args to start_openvpn with --up and --down scripts - func kill(cmd *exec.Cmd) error { return cmd.Process.Signal(os.Interrupt) } diff --git a/helper/linux.go b/helper/linux.go index 3817989..4273578 100644 --- a/helper/linux.go +++ b/helper/linux.go @@ -23,6 +23,8 @@ import ( ) const ( + openvpnUser = "nobody" + openvpnGroup = "nogroup" logFolder = "/var/log/" systemOpenvpnPath = "/usr/sbin/openvpn" snapOpenvpnPath = "/snap/bin/riseup-vpn.openvpn" @@ -31,6 +33,8 @@ const ( var ( platformOpenvpnFlags = []string{ "--script-security", "1", + "--user", openvpnUser, + "--group", openvpnGroup, } ) |