Commit 54521d35 authored by Ivan Alejandro's avatar Ivan Alejandro

Support for 'nobody' (used on Arch) group name.

parent b9326cfc
- Support 'nobody' (used on Arch) as well as 'nogroup' as group names. Related to #6058.
......@@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output
# CONSTANTS
#
VERSION = "4"
def get_no_group_name():
"""
Return the right group name to use for the current OS.
Examples:
- Ubuntu: nogroup
- Arch: nobody
:rtype: str or None
"""
import grp
try:
grp.getgrnam('nobody')
return 'nobody'
except KeyError:
try:
grp.getgrnam('nogroup')
return 'nogroup'
except KeyError:
return None
VERSION = "5"
SCRIPT = "bitmask-root"
NAMESERVER = "10.42.0.1"
BITMASK_CHAIN = "bitmask"
......@@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables"
IP6TABLES = "/sbin/ip6tables"
OPENVPN_USER = "nobody"
OPENVPN_GROUP = "nogroup"
OPENVPN_GROUP = get_no_group_name()
LEAPOPENVPN = "LEAPOPENVPN"
OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location
OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle
......@@ -83,10 +105,12 @@ FIXED_FLAGS = [
"--management-signal",
"--script-security", "1",
"--user", "nobody",
"--group", "nogroup",
"--remap-usr1", "SIGTERM",
]
if OPENVPN_GROUP is not None:
FIXED_FLAGS.extend(["--group", OPENVPN_GROUP])
ALLOWED_FLAGS = {
"--remote": ["IP", "NUMBER", "PROTO"],
"--tls-cipher": ["CIPHER"],
......
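Review bot: The privilege drop fails open when neither group exists. In that case `get_no_group_name()` returns None and the last hunk omits `--group` from `FIXED_FLAGS` without any message, so openvpn is started with `--user nobody` only and presumably keeps the group identity of the privileged helper that launched it. It would be safer to fail closed in the openvpn start path, which is outside these hunks, for example `if OPENVPN_GROUP is None: raise RuntimeError("no 'nobody' or 'nogroup' group on this system")`, or at least to log the missing group. The docstring should also say that None means "no suitable group found" and note that 'nobody' is now tried before 'nogroup', which changes the chosen group on any system that defines both. Separately, `"--user", "nobody"` stays hard-coded in `FIXED_FLAGS` although `OPENVPN_USER` exists; using the constant would keep the two consistent.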