Fixes #12220
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/tor | 2 +- src/paks/tor/install.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lfs/tor b/lfs/tor index ea07f6ce2..178f84be9 100644 --- a/lfs/tor +++ b/lfs/tor @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 43 +PAK_VER = 44
DEPS = "libseccomp"
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh index 4d0353155..369b65f71 100644 --- a/src/paks/tor/install.sh +++ b/src/paks/tor/install.sh @@ -36,10 +36,10 @@ extract_files restore_backup ${NAME}
# Adjust some folder permission for new UID/GID -chown -R tor:tor /var/lib/tor /var/ipfire/tor +chown -R tor:tor /var/lib/tor +chown -R tor:nobody /var/ipfire/tor
-# Tor settings file needs to be writeable by nobody group for WebUI -chown tor:nobody /var/ipfire/tor/settings -chmod 664 /var/ipfire/tor/settings +# Tor settings files needs to be writeable by nobody group for WebUI +chmod 664 /var/ipfire/tor/{settings,torrc}
start_service --background ${NAME}
Hi,
On 29 Oct 2019, at 18:37, peter.mueller@ipfire.org wrote:
Fixes #12220
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
lfs/tor | 2 +- src/paks/tor/install.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lfs/tor b/lfs/tor index ea07f6ce2..178f84be9 100644 --- a/lfs/tor +++ b/lfs/tor @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 43 +PAK_VER = 44
DEPS = "libseccomp"
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh index 4d0353155..369b65f71 100644 --- a/src/paks/tor/install.sh +++ b/src/paks/tor/install.sh @@ -36,10 +36,10 @@ extract_files restore_backup ${NAME}
# Adjust some folder permission for new UID/GID -chown -R tor:tor /var/lib/tor /var/ipfire/tor +chown -R tor:tor /var/lib/tor +chown -R tor:nobody /var/ipfire/tor
-# Tor settings file needs to be writeable by nobody group for WebUI -chown tor:nobody /var/ipfire/tor/settings -chmod 664 /var/ipfire/tor/settings +# Tor settings files needs to be writeable by nobody group for WebUI +chmod 664 /var/ipfire/tor/{settings,torrc}
There was no problem with the settings file here before. That was writable by the web UI, but they have just not been written to torrc.
I would question if we need to have write permissions for the tor user to the settings file.
Should it not be the other way around where the file is being owned by nobody, and tor can read it? Why does tor need to modify its own configuration file?
Best, -Michael
start_service --background ${NAME}
2.16.4