public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] Tor: fix permissions of /var/ipfire/tor/torrc after installation
Date: Wed, 30 Oct 2019 10:41:38 +0000
Message-ID: <9B5B66C2-7528-4F5D-BD29-0DA5F812F5E6@ipfire.org>
In-Reply-To: <8ccc8c62-b96d-9154-c17e-abad5c975536@ipfire.org>

Hi,

> On 29 Oct 2019, at 18:37, peter.mueller(a)ipfire.org wrote:
> 
> Fixes #12220
> 
> Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> lfs/tor                 | 2 +-
> src/paks/tor/install.sh | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/lfs/tor b/lfs/tor
> index ea07f6ce2..178f84be9 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = tor
> -PAK_VER    = 43
> +PAK_VER    = 44
> 
> DEPS       = "libseccomp"
> 
> diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
> index 4d0353155..369b65f71 100644
> --- a/src/paks/tor/install.sh
> +++ b/src/paks/tor/install.sh
> @@ -36,10 +36,10 @@ extract_files
> restore_backup ${NAME}
> 
> # Adjust some folder permission for new UID/GID
> -chown -R tor:tor /var/lib/tor /var/ipfire/tor
> +chown -R tor:tor /var/lib/tor
> +chown -R tor:nobody /var/ipfire/tor
> 
> -# Tor settings file needs to be writeable by nobody group for WebUI
> -chown tor:nobody /var/ipfire/tor/settings
> -chmod 664 /var/ipfire/tor/settings
> +# Tor settings files needs to be writeable by nobody group for WebUI
> +chmod 664 /var/ipfire/tor/{settings,torrc}

There was no problem with the settings file here before. That was writable by the web UI, but they have just not been written to torrc.

I would question if we need to have write permissions for the tor user to the settings file.

Should it not be the other way around where the file is being owned by nobody, and tor can read it? Why does tor need to modify its own configuration file?

Best,
-Michael

> 
> start_service --background ${NAME}
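
Review bot: The recursive "chown -R tor:nobody /var/ipfire/tor" in this hunk gives group nobody ownership of every file under that directory, while the comment beneath it names only settings and torrc as needing to be writable for the WebUI. Consider keeping "chown -R tor:tor" for the directory tree and setting tor:nobody on just those two files, so the group-writable surface stays limited to what the WebUI edits. Mode 664 also leaves both files readable by all other users; 660 would be tighter if nothing else has to read them. The "{settings,torrc}" brace expansion only works when install.sh is run by a shell that supports it (bash does, a plain POSIX sh does not), so listing both paths explicitly is safer. The new comment should read "files need", not "files needs".
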
> -- 
> 2.16.4

