From 223425b984447d81d68fcf34928f69bdb9de51d8 Mon Sep 17 00:00:00 2001
From: Thomas Lange
Date: Mon, 10 May 2021 16:42:55 +0200
Subject: Use "id" instead of "whoami" to determine default owner/group

---
 certdeploy | 14 ++++++++++----
 readme.md | 10 +++++-----
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/certdeploy b/certdeploy
index 29d60d9..ed6bc02 100755
--- a/certdeploy
+++ b/certdeploy
@@ -74,16 +74,22 @@ fi
 SOURCE_PATH="$1"
 TARGET_PATH="$2"
+#===============================================================================
+# Define default {owner|group} variable
+#===============================================================================
+DEFAULT_OWNER=$(id -u)
+DEFAULT_GROUP=$(id -g)
+
 #===============================================================================
 # Define {file|directory} mode, owner and group variables
 #===============================================================================
 FMODE="${OPTION_FMODE:-0600}"
-FOWNER="${OPTION_FOWNER:-$(whoami)}"
-FGROUP="${OPTION_FGROUP:-$(whoami)}"
+FOWNER="${OPTION_FOWNER:-$DEFAULT_OWNER}"
+FGROUP="${OPTION_FGROUP:-$DEFAULT_GROUP}"
 DMODE="${OPTION_DMODE:-0755}"
-DOWNER="${OPTION_DOWNER:-$(whoami)}"
-DGROUP="${OPTION_DGROUP:-$(whoami)}"
+DOWNER="${OPTION_DOWNER:-$DEFAULT_OWNER}"
+DGROUP="${OPTION_DGROUP:-$DEFAULT_GROUP}"
 # Allow only four digits (octal notation) for modes
 DMODE="$(echo "$DMODE" | tr -dc '0-7' | cut -c 1-4)"
diff --git a/readme.md b/readme.md
index 62f0e99..bc42aed 100644
--- a/readme.md
+++ b/readme.md
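Review bot: The two new substitutions at the top of the hunk, `DEFAULT_OWNER=$(id -u)` and `DEFAULT_GROUP=$(id -g)`, are unchecked, so if `id` is absent from a minimal hook PATH or fails, both defaults silently become empty strings and every owner/group variable below inherits "" for the ownership step that follows outside this hunk. A guard such as `DEFAULT_OWNER=$(id -u) && DEFAULT_GROUP=$(id -g) || { echo "certdeploy: cannot determine effective uid/gid" >&2; exit 1; }` keeps that failure loud and is POSIX-sh compatible. Numeric ids are a sound default because they need no name lookup, which the header comment could state while also fixing its singular, e.g. `# Define default {owner|group} variables (effective uid/gid, numeric)`. The SOURCE_PATH/TARGET_PATH assignments that the hunk continues begin before it.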
@@ -29,19 +29,19 @@ The following options let you change the UNIX file permission modes of the targe
 * `[-m mode]` **(default: `0600`)**:
 Mode for target certificate files (octal notation, 3-4 digits)
-* `[-o owner]` **(default: `$(whoami)`)**:
+* `[-o owner]` **(default: `$(id -u)`)**:
 User ownership for certificate files in target directory
-* `[-g group]` **(default: `$(whoami)`)**:
+* `[-g group]` **(default: `$(id -g)`)**:
 Group ownership for certificate files in target directory
 * `[-M mode]` **(default: `0755`)**:
 Mode for target directory (octal notation, 3-4 digits)
-* `[-O owner]` **(default: `$(whoami)`)**:
+* `[-O owner]` **(default: `$(id -u)`)**:
 User ownership for target directory
-* `[-G group]` **(default: `$(whoami)`)**:
+* `[-G group]` **(default: `$(id -g)`)**:
 Group ownership for target directory
 * `[-K filename]` **(default: `confidential.pem`)**:
@@ -74,7 +74,7 @@ sslCert=/etc/certdeploy/mumble/voip.example.org/certificate_full.pem
 sslKey=/etc/certdeploy/mumble/voip.example.org/confidential.pem
 ~~~
-It is sufficient to use UNIX permissions `0600` (default) and user ownership `mumble-server` to achieve this. Since Certbot is running as `root` and because we omit the `-g` option of CertDeploy, the group ownership of the certificate files will become the default `$(whoami)` (which will be substituted to `root` in this case).
+It is sufficient to use UNIX permissions `0600` (default) and user ownership `mumble-server` to achieve this. Since Certbot is running as `root` and because we omit the `-g` option of CertDeploy, the group ownership of the certificate files will become the default `$(id -g)` (which will be substituted to the primary group of `root` in this case).
 OK, just request a new staging (test) certificate from Certbot with the `certonly` subcommand and provide the `--deploy-hook` option as follows. (You may need to adjust your `--webroot-path` in which the `.well-known/acme-challenge` directory for your domains is located. I have this directory globally located at `/var/www/.well-known/acme-challenge` for **all** my hostnames to make things easier.)
-- 
cgit v1.2.3