From patchwork Sat Mar 16 04:00:00 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 2150
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256
	bits)) (Client CN "mail01.ipfire.org",
	Issuer "Let's Encrypt Authority X3" (verified OK))
	by web07.i.ipfire.org (Postfix) with ESMTPS id 1AB8088A13D
	for <patchwork@web07.i.ipfire.org>;
	Fri, 15 Mar 2019 17:00:24 +0000 (GMT)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 44LWzW0b5Qz5LBl4;
	Fri, 15 Mar 2019 17:00:23 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801;
	t=1552669223;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:mime-version:mime-version:
	content-type:content-type:
	content-transfer-encoding:content-transfer-encoding:
	in-reply-to:in-reply-to:references:references:list-id:
	list-unsubscribe:list-subscribe:list-post;
	bh=toAbbh1irHcRigvG/b+zb7tkOfdd7a7wEzSXaZDqKHY=;
	b=TRigAAn9F9Vo8aqVmWmPRaMjdsGPx2RLBYYv2n34gF8CfaZ0uw4ki6CzGGmneNy86kGzuw
	kNIGkY+PV+lcgxkWHKfDbZ59AxkhY+6hm7I+2W7Rve1U3h81b28ZazOEF85RKWHBjLvCbl
	GQ3u3LcizlZkkiTGo5Wxq0CaTT2UFvDHeGYe06t/16SX3uIagCKx4J9UnFoDg3f1AnRUN1
	vCXqYh4VhGaaS7NJrk/F6VRsENby7FTjzxiQZ2Ja4ircVk9RMINCy7n6T5JZl+9DB/Q7kO
	pIwU1KLclcVG0FwoiAePyHg+G4c3/wdFLX5JYDBfJ7r6kISOmagltkhfFX5W6A==
Received: from [127.0.0.1] (tor26.quintex.com
	[IPv6:2620:7:6001::ffff:c759:e64f])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 44LWzR0cWNz5LgF9
	for <development@lists.ipfire.org>;
	Fri, 15 Mar 2019 17:00:18 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801;
	t=1552669220;
	h=from:from:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:mime-version:mime-version:
	content-type:content-type:
	content-transfer-encoding:content-transfer-encoding:
	in-reply-to:in-reply-to:references:references;
	bh=toAbbh1irHcRigvG/b+zb7tkOfdd7a7wEzSXaZDqKHY=;
	b=BddXVhqUDOQyvrFkGtaePBmW4OfjJlXbmpzfzt3AFumTuvBs9T1zzI/PH2vMoya0cY27J7
	l6PMtP8pKZBxaeXQfZwzNeUUaPiXqnKsMcLjUu3AIQB5ZhEa4r1B8y/zc4sd6mNJ1WG863
	qjtpuCBx7shzEdLyfB3ysBT7k6hsAMqN/upi5gsCUZ/E8XbpTeQeTpEodJ7WEO9RBz4RKh
	Q6XVExJs/b8eI8BoIZWEvdSn37Ev9+pQr69B2uIOMgdPacnX7BDsvGFUHSaklecKkHkkL7
	yA+bgn2xLw0G0I2DYzPYf59OGoIlDOJG8DOFpcNpPeD+TK0ZuhBbdMelfdNMkw==
Subject: [PATCH] ensure Tor daemon files have correct permissions
References: <3337d646-c173-ed7f-d04f-46fe92c398cd@ipfire.org>
	<A47DB1B6-AE2D-495E-82D5-DCFF97E1F1AE@ipfire.org>
	<58a2b0d7-7d03-a3d2-fdcb-45809c098cbd@ipfire.org>
	<2273FCAB-AAC1-4ABC-B851-FD34460F2269@ipfire.org>
To: "IPFire: Development-List" <development@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Organization: IPFire.org
Message-ID: <f79e04e3-89b2-fffb-0d32-f79f90b7bf11@ipfire.org>
Date: Fri, 15 Mar 2019 17:00:00 +0000
MIME-Version: 1.0
In-Reply-To: <2273FCAB-AAC1-4ABC-B851-FD34460F2269@ipfire.org>
Content-Language: en-US
X-Spamd-Result: default: False [-5.56 / 11.00]; ARC_NA(0.00)[];
	BAYES_HAM(-3.00)[100.00%]; FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
	RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[];
	DKIM_SIGNED(0.00)[]; TO_DN_ALL(0.00)[];
	NEURAL_HAM(-2.46)[-0.820,0]; RCVD_COUNT_ZERO(0.00)[0];
	FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
	MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]
Authentication-Results: mail01.ipfire.org;
	auth=pass smtp.auth=pmueller smtp.mailfrom=peter.mueller@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless whether Tor user has been created before
or not.

This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.

Further, a comment for new Tor user in /etc/passwd has been added.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/paks/tor/install.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index e1ed33331..268bccecd 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -29,12 +29,12 @@ if ! getent group tor &>/dev/null; then
 fi
 
 if ! getent passwd tor; then
-       useradd -u 119 -g tor -d /var/empty -s /bin/false tor
-
-       # Adjust some folder permission for new UID/GID
-       chown -R tor:tor /var/lib/tor /var/ipfire/tor
+       useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor
 fi
 
+# Adjust some folder permission for new UID/GID
+chown -R tor:tor /var/lib/tor /var/ipfire/tor
+
 extract_files
 restore_backup ${NAME}
 start_service --background ${NAME}