From 15fd1551b8c8fb2bc2430ef99823e4135e0c5f0e Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Thu, 23 Aug 2018 18:13:58 +0200
Subject: [osx] don't drop privieleges

The script client.down.sh needs to be run as root. As long as we don't
implement another way to execute it from the helper let's not drop
privileges on OSX.

- Resolves: #23
---
 helper/args.go   | 6 +-----
 helper/darwin.go | 2 --
 helper/linux.go  | 4 ++++
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/helper/args.go b/helper/args.go
index 2a60d9d..f6f4ced 100644
--- a/helper/args.go
+++ b/helper/args.go
@@ -9,9 +9,7 @@ import (
 )
 
 const (
-	openvpnUser  = "nobody"
-	openvpnGroup = "nobody"
-	nameserver   = "10.42.0.1"
+	nameserver = "10.42.0.1"
 )
 
 var (
@@ -22,8 +20,6 @@ var (
 		"--tls-client",
 		"--remote-cert-tls", "server",
 		"--dhcp-option", "DNS", nameserver,
-		"--user", openvpnUser,
-		"--group", openvpnGroup,
 		"--log", logFolder + "openvpn.log",
 	}
 
diff --git a/helper/darwin.go b/helper/darwin.go
index 34af01e..10bab31 100644
--- a/helper/darwin.go
+++ b/helper/darwin.go
@@ -85,8 +85,6 @@ func getOpenvpnPath() string {
 	return openvpnPath
 }
 
-// TODO -- pass extra args to start_openvpn with --up and --down scripts
-
 func kill(cmd *exec.Cmd) error {
 	return cmd.Process.Signal(os.Interrupt)
 }
diff --git a/helper/linux.go b/helper/linux.go
index 3817989..4273578 100644
--- a/helper/linux.go
+++ b/helper/linux.go
@@ -23,6 +23,8 @@ import (
 )
 
 const (
+	openvpnUser       = "nobody"
+	openvpnGroup      = "nogroup"
 	logFolder         = "/var/log/"
 	systemOpenvpnPath = "/usr/sbin/openvpn"
 	snapOpenvpnPath   = "/snap/bin/riseup-vpn.openvpn"
@@ -31,6 +33,8 @@ const (
 var (
 	platformOpenvpnFlags = []string{
 		"--script-security", "1",
+		"--user", openvpnUser,
+		"--group", openvpnGroup,
 	}
 )
 
-- 
cgit v1.2.3