From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] Tor: fix permissions of /var/ipfire/tor/torrc after installation
Date: Wed, 30 Oct 2019 10:41:38 +0000
Message-ID: <9B5B66C2-7528-4F5D-BD29-0DA5F812F5E6@ipfire.org>
In-Reply-To: <8ccc8c62-b96d-9154-c17e-abad5c975536@ipfire.org>

Hi,

> On 29 Oct 2019, at 18:37, peter.mueller(a)ipfire.org wrote:
>
> Fixes #12220
>
> Reported-by: Michael Tremer
> Signed-off-by: Peter Müller
> ---
> lfs/tor | 2 +- > src/paks/tor/install.sh | 8 ++++---- > 2 files changed, 5 insertions(+), 5 deletions(-) >=20 > diff --git a/lfs/tor b/lfs/tor > index ea07f6ce2..178f84be9 100644 > --- a/lfs/tor > +++ b/lfs/tor > @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D tor > -PAK_VER =3D 43 > +PAK_VER =3D 44 >=20 > DEPS =3D "libseccomp" >=20 > diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh > index 4d0353155..369b65f71 100644 > --- a/src/paks/tor/install.sh > +++ b/src/paks/tor/install.sh 
> @@ -36,10 +36,10 @@ extract_files > restore_backup ${NAME} >=20 > # Adjust some folder permission for new UID/GID > -chown -R tor:tor /var/lib/tor /var/ipfire/tor > +chown -R tor:tor /var/lib/tor > +chown -R tor:nobody /var/ipfire/tor >=20 > -# Tor settings file needs to be writeable by nobody group for WebUI > -chown tor:nobody /var/ipfire/tor/settings > -chmod 664 /var/ipfire/tor/settings > +# Tor settings files needs to be writeable by nobody group for WebUI > +chmod 664 /var/ipfire/tor/{settings,torrc}

There was no problem with the settings file here before. That was writable by the web UI, but they have just not been written to torrc.

I would question if we need to have write permissions for the tor user to the settings file.

Should it not be the other way around where the file is being owned by nobody, and tor can read it? Why does tor need to modify its own configuration file?

Best,
-Michael

>=20 > start_service --background ${NAME} > --=20 > 2.16.4
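
Review bot: in the install.sh hunk, `chown -R tor:nobody /var/ipfire/tor` changes the group on every file under that directory, whereas the lines it replaces gave group nobody only to the settings file; since only settings and torrc are then made group-writable with `chmod 664`, consider setting the group on those two files explicitly and leaving the rest of the directory as tor:tor. The `{settings,torrc}` brace expansion is also a bash feature, so if install.sh can be run by a plain POSIX sh the chmod would receive the literal pattern and fail; naming both paths avoids that. The new comment should read "Tor settings files need".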