| Message ID | 20190610113652.11536-1-ummeegge@ipfire.org |
|---|---|
| State | Deferred |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 8A05480025D for <patchwork@web07.i.ipfire.org>; Mon, 10 Jun 2019 12:37:02 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 45MrhF3LJcz51tc6; Mon, 10 Jun 2019 12:37:01 +0100 (BST) Received: from ipfire-server.local (mue-88-130-70-034.dsl.tropolys.de [88.130.70.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 45MrhB3z4Kz5P2Cr; Mon, 10 Jun 2019 12:36:58 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1560166618; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=gMNwkBP+bB6FmEfl8l5R42wEEf9F2TYx7lBvGVF26Cw=; b=pUuUdpwTwXnwdcP9DSIPPfCojuMheHro4agzXuUn/IDmTGcWxuaOSz/I2lS+EQiUQAdFmN BCWCSX6hfKjhvuiFAazkcoIDT0Uf34lcDkNnI/sgkBG5E/pYI38EFwAEpyNcNqfcIqIkFm OB50pb6C1MEMyuLGcsQwfNMlwE5jkMy9mAdA5niq7KTsscfWKwQwgJofcwio3AhIu7NXoy i0EiOmRaWSoQgtP0qbEXbDhKtpOnaYY6yqPyD5p7RkleQPlpgjFLH/iOQp3iUc3Fopsg0m 97Uorry0CY+AxmLGE8QNyh8uUHnHrloQjWhaRbxIF8qpb7X53hE149WtYFBBOw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1560166618; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=gMNwkBP+bB6FmEfl8l5R42wEEf9F2TYx7lBvGVF26Cw=; b=KsMxMmQ7Bg5+htFUesVhyUeid+Ka9nZcqosKRzK31QhrrjBxNA+foiRSOby8cETVMqfavj z0P1gvuOuu1dgFDQ== From: Erik Kapfer <ummeegge@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] tor: Fix tor permissions if presant via update.sh Date: Mon, 10 Jun 2019 13:36:52 +0200 Message-Id: <20190610113652.11536-1-ummeegge@ipfire.org> X-Mailer: git-send-email 2.12.2 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ummeegge smtp.mailfrom=ummeegge@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
tor: Fix tor permissions if presant via update.sh
|
|
Commit Message
ummeegge
June 10, 2019, 9:36 p.m. UTC
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
config/rootfiles/core/133/update.sh | 5 +++++
1 file changed, 5 insertions(+)
Comments
Hi, Thanks for sending in that patch. But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts. -Michael > On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge@ipfire.org> wrote: > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > --- > config/rootfiles/core/133/update.sh | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh > index a05ad0741..3ecb5651b 100644 > --- a/config/rootfiles/core/133/update.sh > +++ b/config/rootfiles/core/133/update.sh > @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi > /etc/init.d/squid start > /etc/init.d/collectd restart > > +# Set new permissions for tor > +if [ -d "/var/lib/tor" ]; then > + chown -R tor:tor /var/lib/tor > +fi > + > # Finish > /etc/init.d/fireinfo start > sendprofile > -- > 2.12.2 >
Hello Michael, as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 , the "install.sh" script of the Tor addon contains all required steps. Since "update.sh" calls "install.sh" at the end of the file, everything should be fine after an update as well - which is not. However, due to this, I do not think putting it into "update.sh" makes sense either. Thanks, and best regards, Peter Müller Michael Tremer: > Hi, > > Thanks for sending in that patch. > > But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts. > > -Michael > >> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge@ipfire.org> wrote: >> >> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >> --- >> config/rootfiles/core/133/update.sh | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh >> index a05ad0741..3ecb5651b 100644 >> --- a/config/rootfiles/core/133/update.sh >> +++ b/config/rootfiles/core/133/update.sh >> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi >> /etc/init.d/squid start >> /etc/init.d/collectd restart >> >> +# Set new permissions for tor >> +if [ -d "/var/lib/tor" ]; then >> + chown -R tor:tor /var/lib/tor >> +fi >> + >> # Finish >> /etc/init.d/fireinfo start >> sendprofile >> -- >> 2.12.2 >> >
On 6/10/19 1:12 PM, Peter Müller wrote: > Hello Michael, > > as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 , > the "install.sh" script of the Tor addon contains all required steps. > > Since "update.sh" calls "install.sh" at the end of the file, everything > should be fine after an update as well - which is not. However, due to > this, I do not think putting it into "update.sh" makes sense either. > > Thanks, and best regards, > Peter Müller > > Michael Tremer: >> Hi, >> >> Thanks for sending in that patch. >> >> But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts. >> >> -Michael >> >>> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge@ipfire.org> wrote: >>> >>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>> --- >>> config/rootfiles/core/133/update.sh | 5 +++++ >>> 1 file changed, 5 insertions(+) >>> >>> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh >>> index a05ad0741..3ecb5651b 100644 >>> --- a/config/rootfiles/core/133/update.sh >>> +++ b/config/rootfiles/core/133/update.sh >>> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi >>> /etc/init.d/squid start >>> /etc/init.d/collectd restart >>> >>> +# Set new permissions for tor >>> +if [ -d "/var/lib/tor" ]; then >>> + chown -R tor:tor /var/lib/tor >>> +fi >>> + >>> # Finish >>> /etc/init.d/fireinfo start >>> sendprofile >>> -- >>> 2.12.2 >>> >> > Perhaps the restore_backup in install.sh is undoing the ownership? p.
Hi, Yes that will be it. The backup stores permissions and ownership. Please move the chown line to after the backup is being restored and you will be fine. -Michael > On 10 Jun 2019, at 19:36, Paul Simmons <mbatranch@gmail.com> wrote: > > On 6/10/19 1:12 PM, Peter Müller wrote: >> Hello Michael, >> >> as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 , >> the "install.sh" script of the Tor addon contains all required steps. >> >> Since "update.sh" calls "install.sh" at the end of the file, everything >> should be fine after an update as well - which is not. However, due to >> this, I do not think putting it into "update.sh" makes sense either. >> >> Thanks, and best regards, >> Peter Müller >> >> Michael Tremer: >>> Hi, >>> >>> Thanks for sending in that patch. >>> >>> But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts. >>> >>> -Michael >>> >>>> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge@ipfire.org> wrote: >>>> >>>> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> >>>> --- >>>> config/rootfiles/core/133/update.sh | 5 +++++ >>>> 1 file changed, 5 insertions(+) >>>> >>>> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh >>>> index a05ad0741..3ecb5651b 100644 >>>> --- a/config/rootfiles/core/133/update.sh >>>> +++ b/config/rootfiles/core/133/update.sh >>>> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi >>>> /etc/init.d/squid start >>>> /etc/init.d/collectd restart >>>> >>>> +# Set new permissions for tor >>>> +if [ -d "/var/lib/tor" ]; then >>>> + chown -R tor:tor /var/lib/tor >>>> +fi >>>> + >>>> # Finish >>>> /etc/init.d/fireinfo start >>>> sendprofile >>>> -- >>>> 2.12.2 >>>> >>> >> > > Perhaps the restore_backup in install.sh is undoing the ownership? > > p.
Hello Michael & Peter, On Mo, 2019-06-10 at 18:12 +0000, Peter Müller wrote: > Hello Michael, > > as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 > , > the "install.sh" script of the Tor addon contains all required steps. > > Since "update.sh" calls "install.sh" at the end of the file, > everything > should be fine after an update as well - which is not. However, due > to > this, I do not think putting it into "update.sh" makes sense either. Thought a little in the same way since there is also an update for tor whereby tor´s update.sh (includes install.sh then) should be executed. To stay save i used the core update.sh for this... Best, Erik > > Thanks, and best regards, > Peter Müller > > Michael Tremer: > > Hi, > > > > Thanks for sending in that patch. > > > > But I think instead of doing this in the Core Update, this change > > should be applied in the tor update scripts. > > > > -Michael > > > > > On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge@ipfire.org> > > > wrote: > > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > > --- > > > config/rootfiles/core/133/update.sh | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/config/rootfiles/core/133/update.sh > > > b/config/rootfiles/core/133/update.sh > > > index a05ad0741..3ecb5651b 100644 > > > --- a/config/rootfiles/core/133/update.sh > > > +++ b/config/rootfiles/core/133/update.sh > > > @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi- > > > bin/vpnmain.cgi > > > /etc/init.d/squid start > > > /etc/init.d/collectd restart > > > > > > +# Set new permissions for tor > > > +if [ -d "/var/lib/tor" ]; then > > > + chown -R tor:tor /var/lib/tor > > > +fi > > > + > > > # Finish > > > /etc/init.d/fireinfo start > > > sendprofile > > > -- > > > 2.12.2 > > > > >
diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh index a05ad0741..3ecb5651b 100644 --- a/config/rootfiles/core/133/update.sh +++ b/config/rootfiles/core/133/update.sh @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi /etc/init.d/squid start /etc/init.d/collectd restart +# Set new permissions for tor +if [ -d "/var/lib/tor" ]; then + chown -R tor:tor /var/lib/tor +fi + # Finish /etc/init.d/fireinfo start sendprofile