[osx] don't drop privieleges

The script client.down.sh needs to be run as root. As long as we don't implement another way to execute it from the helper let's not drop privileges on OSX. - Resolves: #23

[osx] don't drop privieleges
15fd1551 · meskio · 6b6b58e2 · 15fd1551 · 15fd1551 · 15fd1551
Unverified Commit 15fd1551 authored 6 years ago by meskio
--- a/helper/args.go
+++ b/helper/args.go
@@ -9,8 +9,6 @@ import (
 )
 const (
-	openvpnUser  = "nobody"
-	openvpnGroup = "nobody"
 	nameserver = "10.42.0.1"
 )
@@ -22,8 +20,6 @@ var (
 		"--tls-client",
 		"--remote-cert-tls", "server",
 		"--dhcp-option", "DNS", nameserver,
-		"--user", openvpnUser,
-		"--group", openvpnGroup,
 		"--log", logFolder + "openvpn.log",
 	}

--- a/helper/darwin.go
+++ b/helper/darwin.go
@@ -85,8 +85,6 @@ func getOpenvpnPath() string {
 	return openvpnPath
 }
-// TODO -- pass extra args to start_openvpn with --up and --down scripts
 func kill(cmd *exec.Cmd) error {
 	return cmd.Process.Signal(os.Interrupt)
 }

--- a/helper/linux.go
+++ b/helper/linux.go
@@ -23,6 +23,8 @@ import (
 )
 const (
+	openvpnUser       = "nobody"
+	openvpnGroup      = "nogroup"
 	logFolder         = "/var/log/"
 	systemOpenvpnPath = "/usr/sbin/openvpn"
 	snapOpenvpnPath   = "/snap/bin/riseup-vpn.openvpn"
@@ -31,6 +33,8 @@ const (
 var (
 	platformOpenvpnFlags = []string{
 		"--script-security", "1",
+		"--user", openvpnUser,
+		"--group", openvpnGroup,
 	}
 )