Maint: set PUID and PGID in openvpn configurator

2021-08-18 15:44:58 +00:00
parent bd74879303
commit 5140a7b010
5 changed files with 14 additions and 17 deletions
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -136,13 +136,15 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		return err
 	}

+	puid, pgid := allSettings.System.PUID, allSettings.System.PGID
+
 	const clientTimeout = 15 * time.Second
 	httpClient := &http.Client{Timeout: clientTimeout}
 	// Create configurators
 	alpineConf := alpine.New()
 	ovpnConf := openvpn.NewConfigurator(
 		logger.NewChild(logging.Settings{Prefix: "openvpn configurator: "}),
-		cmder)
+		cmder, puid, pgid)
 	dnsCrypto := dnscrypto.New(httpClient, "", "")
 	const cacertsPath = "/etc/ssl/certs/ca-certificates.crt"
 	dnsConf := unbound.NewConfigurator(nil, cmder, dnsCrypto,
@@ -200,9 +202,6 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		return err
 	}

-	// Should never change
-	puid, pgid := allSettings.System.PUID, allSettings.System.PGID
-
 	const defaultUsername = "nonrootuser"
 	nonRootUsername, err := alpineConf.CreateUser(defaultUsername, puid)
 	if err != nil {
@@ -354,7 +353,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,

 	openvpnLogger := logger.NewChild(logging.Settings{Prefix: "openvpn: "})
 	openvpnLooper := openvpn.NewLoop(allSettings.VPN.OpenVPN,
-		allSettings.VPN.Provider, nonRootUsername, puid, pgid, allServers,
+		allSettings.VPN.Provider, nonRootUsername, allServers,
 		ovpnConf, firewallConf, routingConf, portForwardLooper, publicIPLooper, unboundLooper,
 		openvpnLogger, httpClient, buildInfo, allSettings.VersionInformation)
 	openvpnHandler, openvpnCtx, openvpnDone := goshutdown.NewGoRoutineHandler(
--- a/internal/openvpn/auth.go
+++ b/internal/openvpn/auth.go
@@ -7,11 +7,11 @@ import (
 )

 type AuthWriter interface {
-	WriteAuthFile(user, password string, puid, pgid int) error
+	WriteAuthFile(user, password string) error
 }

 // WriteAuthFile writes the OpenVPN auth file to disk with the right permissions.
-func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) error {
+func (c *configurator) WriteAuthFile(user, password string) error {
 	file, err := os.Open(c.authFilePath)

 	if err != nil && !os.IsNotExist(err) {
@@ -28,7 +28,7 @@ func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) erro
 			_ = file.Close()
 			return err
 		}
-		err = file.Chown(puid, pgid)
+		err = file.Chown(c.puid, c.pgid)
 		if err != nil {
 			_ = file.Close()
 			return err
@@ -60,7 +60,7 @@ func (c *configurator) WriteAuthFile(user, password string, puid, pgid int) erro
 		_ = file.Close()
 		return err
 	}
-	err = file.Chown(puid, pgid)
+	err = file.Chown(c.puid, c.pgid)
 	if err != nil {
 		_ = file.Close()
 		return err
--- a/internal/openvpn/loop.go
+++ b/internal/openvpn/loop.go
@@ -32,8 +32,6 @@ type Loop struct {
 	state         state.Manager
 	// Fixed parameters
 	username    string
-	puid        int
-	pgid        int
 	buildInfo   models.BuildInformation
 	versionInfo bool
 	// Configurators
@@ -67,8 +65,7 @@ const (
 )

 func NewLoop(openVPNSettings configuration.OpenVPN,
-	providerSettings configuration.Provider,
-	username string, puid, pgid int,
+	providerSettings configuration.Provider, username string,
 	allServers models.AllServers, conf Configurator,
 	fw firewallConfigurer, routing routing.VPNGetter,
 	portForward portforward.StartStopper,
@@ -87,8 +84,6 @@ func NewLoop(openVPNSettings configuration.OpenVPN,
 		statusManager: statusManager,
 		state:         state,
 		username:      username,
-		puid:          puid,
-		pgid:          pgid,
 		buildInfo:     buildInfo,
 		versionInfo:   versionInfo,
 		conf:          conf,
--- a/internal/openvpn/openvpn.go
+++ b/internal/openvpn/openvpn.go
@@ -20,14 +20,17 @@ type configurator struct {
 	cmder        command.RunStarter
 	configPath   string
 	authFilePath string
+	puid, pgid   int
 }

 func NewConfigurator(logger logging.Logger,
-	cmder command.RunStarter) Configurator {
+	cmder command.RunStarter, puid, pgid int) Configurator {
 	return &configurator{
 		logger:       logger,
 		cmder:        cmder,
 		configPath:   constants.OpenVPNConf,
 		authFilePath: constants.OpenVPNAuthConf,
+		puid:         puid,
+		pgid:         pgid,
 	}
 }
--- a/internal/openvpn/run.go
+++ b/internal/openvpn/run.go
@@ -55,7 +55,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {

 		if openVPNSettings.User != "" {
 			err := l.conf.WriteAuthFile(
-				openVPNSettings.User, openVPNSettings.Password, l.puid, l.pgid)
+				openVPNSettings.User, openVPNSettings.Password)
 			if err != nil {
 				l.signalOrSetStatus(constants.Crashed)
 				l.logAndWait(ctx, err)