Tor: fix permissions of /var/ipfire/tor/torrc after installation

Message ID 8ccc8c62-b96d-9154-c17e-abad5c975536@ipfire.org
State Accepted
Commit c772b7550c4dd06f7945e32cc6af47e8f6a0f229
Series Tor: fix permissions of /var/ipfire/tor/torrc after installation

Commit Message

Peter Müller Oct. 29, 2019, 6:37 p.m. UTC
  Fixes #12220

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/tor                 | 2 +-
 src/paks/tor/install.sh | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
  

Comments

Michael Tremer Oct. 30, 2019, 10:41 a.m. UTC | #1
Hi,

> On 29 Oct 2019, at 18:37, peter.mueller@ipfire.org wrote:
> 
> Fixes #12220
> 
> Reported-by: Michael Tremer <michael.tremer@ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> lfs/tor                 | 2 +-
> src/paks/tor/install.sh | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/lfs/tor b/lfs/tor
> index ea07f6ce2..178f84be9 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = tor
> -PAK_VER    = 43
> +PAK_VER    = 44
> 
> DEPS       = "libseccomp"
> 
> diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
> index 4d0353155..369b65f71 100644
> --- a/src/paks/tor/install.sh
> +++ b/src/paks/tor/install.sh
> @@ -36,10 +36,10 @@ extract_files
> restore_backup ${NAME}
> 
> # Adjust some folder permission for new UID/GID
> -chown -R tor:tor /var/lib/tor /var/ipfire/tor
> +chown -R tor:tor /var/lib/tor
> +chown -R tor:nobody /var/ipfire/tor
> 
> -# Tor settings file needs to be writeable by nobody group for WebUI
> -chown tor:nobody /var/ipfire/tor/settings
> -chmod 664 /var/ipfire/tor/settings
> +# Tor settings files needs to be writeable by nobody group for WebUI
> +chmod 664 /var/ipfire/tor/{settings,torrc}

There was no problem with the settings file here before. That was writable by the web UI, but they have just not been written to torrc.

I would question if we need to have write permissions for the tor user to the settings file.

Should it not be the other way around where the file is being owned by nobody, and tor can read it? Why does tor need to modify its own configuration file?

Best,
-Michael

> 
> start_service --background ${NAME}
> -- 
> 2.16.4
  

Patch

diff --git a/lfs/tor b/lfs/tor
index ea07f6ce2..178f84be9 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 43
+PAK_VER    = 44
 
 DEPS       = "libseccomp"
 
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index 4d0353155..369b65f71 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -36,10 +36,10 @@  extract_files
 restore_backup ${NAME}
 
 # Adjust some folder permission for new UID/GID
-chown -R tor:tor /var/lib/tor /var/ipfire/tor
+chown -R tor:tor /var/lib/tor
+chown -R tor:nobody /var/ipfire/tor
 
-# Tor settings file needs to be writeable by nobody group for WebUI
-chown tor:nobody /var/ipfire/tor/settings
-chmod 664 /var/ipfire/tor/settings
+# Tor settings files needs to be writeable by nobody group for WebUI
+chmod 664 /var/ipfire/tor/{settings,torrc}
 
 start_service --background ${NAME}
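
Review bot: On the added "chown -R tor:nobody /var/ipfire/tor" and "chmod 664 /var/ipfire/tor/{settings,torrc}" lines, torrc ends up writable by its owner tor as well as by the nobody group, so the daemon account can rewrite its own configuration. If only the WebUI needs to write these files, consider making nobody the owner and giving tor read-only access through the group (mode 640 rather than 664, which also drops the world-readable bit). The "{settings,torrc}" form relies on bash brace expansion and the interpreter line is not visible in this hunk; if install.sh can run under a plain POSIX sh, list both paths explicitly. The recursive chown also changes the group of everything under /var/ipfire/tor while the chmod covers only two files, so the comment should say which files the WebUI is meant to write. Minor: "files needs" in the new comment should read "files need".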