[PATCH] Tor: fix permissions of /var/ipfire/tor/torrc after installation

[PATCH] Tor: fix permissions of /var/ipfire/tor/torrc after installation

[peter.mueller]

[-- Attachment #1: Type: text/plain, Size: 1243 bytes --]

Fixes #12220

Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/tor                 | 2 +-
 src/paks/tor/install.sh | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lfs/tor b/lfs/tor
index ea07f6ce2..178f84be9 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 43
+PAK_VER    = 44
 
 DEPS       = "libseccomp"
 
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index 4d0353155..369b65f71 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -36,10 +36,10 @@ extract_files
 restore_backup ${NAME}
 
 # Adjust some folder permission for new UID/GID
-chown -R tor:tor /var/lib/tor /var/ipfire/tor
+chown -R tor:tor /var/lib/tor
+chown -R tor:nobody /var/ipfire/tor
 
-# Tor settings file needs to be writeable by nobody group for WebUI
-chown tor:nobody /var/ipfire/tor/settings
-chmod 664 /var/ipfire/tor/settings
+# Tor settings files needs to be writeable by nobody group for WebUI
+chmod 664 /var/ipfire/tor/{settings,torrc}
 
 start_service --background ${NAME}
-- 
2.16.4

Re: [PATCH] Tor: fix permissions of /var/ipfire/tor/torrc after installation

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1848 bytes --]

Hi,

> On 29 Oct 2019, at 18:37, peter.mueller(a)ipfire.org wrote:
> 
> Fixes #12220
> 
> Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> lfs/tor                 | 2 +-
> src/paks/tor/install.sh | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/lfs/tor b/lfs/tor
> index ea07f6ce2..178f84be9 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = tor
> -PAK_VER    = 43
> +PAK_VER    = 44
> 
> DEPS       = "libseccomp"
> 
> diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
> index 4d0353155..369b65f71 100644
> --- a/src/paks/tor/install.sh
> +++ b/src/paks/tor/install.sh
> @@ -36,10 +36,10 @@ extract_files
> restore_backup ${NAME}
> 
> # Adjust some folder permission for new UID/GID
> -chown -R tor:tor /var/lib/tor /var/ipfire/tor
> +chown -R tor:tor /var/lib/tor
> +chown -R tor:nobody /var/ipfire/tor
> 
> -# Tor settings file needs to be writeable by nobody group for WebUI
> -chown tor:nobody /var/ipfire/tor/settings
> -chmod 664 /var/ipfire/tor/settings
> +# Tor settings files needs to be writeable by nobody group for WebUI
> +chmod 664 /var/ipfire/tor/{settings,torrc}

There was no problem with the settings file here before. That was writable by the web UI, but they have just not been written to torrc.

I would question if we need to have write permissions for the tor user to the settings file.

Should it not be the other way around where the file is being owned by nobody, and tor can read it? Why does tor need to modify its own configuration file?

Best,
-Michael

> 
> start_service --background ${NAME}
> -- 
> 2.16.4