From 30ef252ff58e1a08715a7aede4371d981aace73d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?= <jdubois@evolix.fr>
Date: Tue, 13 Dec 2022 17:40:12 +0100
Subject: [PATCH] Fix ${CRL} and ${CA_DIR} rights so that CRL file can be read
 by openvpn

---
 shellpki | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/shellpki b/shellpki
index 5e7169c..c20e359 100755
--- a/shellpki
+++ b/shellpki
@@ -224,7 +224,7 @@ replace_existing_or_abort() {
 init() {
     umask 0177
 
-    [ -d "${CA_DIR}" ] || mkdir -m 0750 "${CA_DIR}"
+    [ -d "${CA_DIR}" ] || mkdir -m 0751 "${CA_DIR}"
     [ -d "${CRT_DIR}" ] || mkdir -m 0750 "${CRT_DIR}"
     [ -f "${INDEX_FILE}" ] || touch "${INDEX_FILE}"
     [ -f "${INDEX_FILE}.attr" ] || touch "${INDEX_FILE}.attr"
@@ -1103,9 +1103,11 @@ main() {
 
     # fix right
     chown -R "${PKI_USER}":"${PKI_USER}" "${CA_DIR}"
-    chmod 750 "${CA_DIR}" "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
-    chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}" "${CRL}"
+    chmod 750 "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
+    chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}"
     chmod 640 "${CA_CERT}"
+    chmod 604 "${CRL}"
+    chmod 751 "${CA_DIR}"
 }
 
 main "$@"