commit b8a4807c50499c30d295493d82057f8abc8994a2
parent cdd0a9144ff3fb30ce2ffbd2623eff6981a87570
Author: sin <sin@2f30.org>
Date: Thu, 29 Nov 2018 14:29:19 +0000
2f30-vpn: Fixup perms
Signed-off-by: sin <sin@2f30.org>
Diffstat:
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/2f30-vpn b/2f30-vpn
@@ -23,7 +23,10 @@ files for use on an OpenBSD/Linux client.
EOF
+chmod 750 $basedir
+
mkdir -p $basedir/hosts
+chmod 750 $basedir/hosts
echo -n "Machine name (not FQDN): "
read name
@@ -50,18 +53,19 @@ AddressFamily = ipv4
Interface = $device
ConnectTo = hydra
EOF
+chmod 640 $basedir/tinc.conf
cat > $basedir/tinc-up << EOF
ip link set \$INTERFACE up
ip addr add $address/24 dev \$INTERFACE
EOF
-chmod +x $basedir/tinc-up
+chmod 750 $basedir/tinc-up
cat > $basedir/tinc-down << EOF
ip addr del $address/24 dev \$INTERFACE
ip link set \$INTERFACE down
EOF
-chmod +x $basedir/tinc-down
+chmod 750 $basedir/tinc-down
elif test $os = OpenBSD; then
cat > $basedir/tinc.conf << EOF
@@ -70,16 +74,17 @@ AddressFamily = ipv4
Device = /dev/$device
ConnectTo = hydra
EOF
+chmod 640 $basedir/tinc.conf
cat > $basedir/tinc-up << EOF
ifconfig $device $address netmask 255.255.255.0
EOF
-chmod +x $basedir/tinc-up
+chmod 750 $basedir/tinc-up
cat > $basedir/tinc-down << EOF
ifconfig $device down
EOF
-chmod +x $basedir/tinc-down
+chmod 750 $basedir/tinc-down
else
echo os not supported 1>&2
fi
@@ -102,6 +107,7 @@ d67ELS9a2K9letkOX19A13pZ/QTGiJYSC0UaHIzKXZ5X0yjVfqcY74NDFsdgXGkw
eEsFn5hPzjauXCDmUzvzJ6VqAZXOYeV9rmtlt7ohHI+lOY/UClRh5lcCAwEAAQ==
-----END RSA PUBLIC KEY-----
EOF
+chmod 640 $basedir/hosts/hydra
cat > $basedir/hosts/$name << EOF
Subnet = $address/32
@@ -111,6 +117,7 @@ tincd -c $basedir -K 4096 << EOF
EOF
+chmod 640 $basedir/hosts/$name
echo
cat << EOF
