Custom UID and GID for subprocesses and files written (#116) Fix #116

- Environment variables `UID` and `GID`, both defaulting to `1000`
- All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given
- All files are written with an ownership for the UID and GID given
- Port forwarded file has also ownership for UID, GID and read permission only

internal/pia/pia.go

@@ -20,7 +20,7 @@ type Configurator interface {
 		encryption models.PIAEncryption, targetIP net.IP) (connections []models.OpenVPNConnection, err error)
 	BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error)
 	GetPortForward() (port uint16, err error)
-	WritePortForward(filepath models.Filepath, port uint16) (err error)
+	WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error)
 	AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error)
 }
 

internal/pia/portforward.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/qdm12/golibs/files"
 	"github.com/qdm12/private-internet-access-docker/internal/constants"
 	"github.com/qdm12/private-internet-access-docker/internal/models"
 )
@@ -35,9 +36,13 @@ func (c *configurator) GetPortForward() (port uint16, err error) {
 	return body.Port, nil
 }
 
-func (c *configurator) WritePortForward(filepath models.Filepath, port uint16) (err error) {
+func (c *configurator) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
 	c.logger.Info("%s: Writing forwarded port to %s", logPrefix, filepath)
-	return c.fileManager.WriteLinesToFile(string(filepath), []string{fmt.Sprintf("%d", port)})
+	return c.fileManager.WriteLinesToFile(
+		string(filepath),
+		[]string{fmt.Sprintf("%d", port)},
+		files.Ownership(uid, gid),
+		files.Permissions(400))
 }
 
 func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error) {