From: raid5atemyhomework
Subject: [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
Date: Mon, 15 Mar 2021 23:42:41 +0000


> On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via 
> wrote:
>
> > Currently, if you set DataDirectoryGroupReadable 1 in your torrc,
>
> What are the reasons for setting DataDirectoryGroupReadable 1?
>

When using cookie-based authentication, the cookie file is traditionally placed 
in the data directory.  If the directory is not accessible from group, then 
only the `tor` user can access the cookie and control `tor`.  With this option, 
the cookie can be accessed by members of the `tor` group.

> > it will be respected only if tor is started up.
>
> IIUC, tor will adjust the permissions of the directory to make it
> group readable (while Guix' activation code creates the directory
> group-unreadable).

Correct.  However, when doing a `guix system reconfigure`, the activation code 
will be called again, which changes the directory back to group unreadable, 
without restarting tor.  `tor` itself will only set the permissions when it 
starts up, and will ignore the permissions while running.

>
> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)

Possibly.

Thanks
raid5atemyhomework
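The sequence the reply describes (activation creates the directory group-unreadable, tor makes it group-readable at startup, a later `guix system reconfigure` re-runs the activation code and silently reverts it) can be reproduced on a scratch directory. The script below is an added illustration written for this page, not Guix's activation gexp nor the submitted patch; the two `activate_*` functions are hypothetical stand-ins that mimic the behaviour the thread attributes to the current code and to the patched code, and `tor_startup_group_readable` stands in for what tor does once at startup with `DataDirectoryGroupReadable 1`.

```shell
#!/bin/sh
# Added example, not Guix code: reproduces the permission-reset described in
# the thread and the effect of the patch's "skip chmod if the directory
# already exists" rule. Uses only POSIX sh, ls, cut, chmod, mkdir, mktemp.

# Hypothetical stand-in for the current Guix activation code: every run
# creates the tor data directory and forces it group-unreadable (mode 700).
activate_original() {
  dir=$1
  mkdir -p "$dir"
  chmod 700 "$dir"
}

# Hypothetical stand-in for the patched activation code: only create and
# chmod the directory when it does not exist yet, so a reconfigure leaves
# an existing directory's permissions alone.
activate_patched() {
  dir=$1
  if [ ! -d "$dir" ]; then
    mkdir -p "$dir"
    chmod 700 "$dir"
  fi
}

# Stand-in for tor starting with "DataDirectoryGroupReadable 1": it makes the
# data directory group-accessible once, at startup, and never re-applies it
# while running (which is why a later reconfigure wins).
tor_startup_group_readable() {
  chmod 750 "$1"
}

# Returns "r" when the group-read bit is set on the directory, "-" otherwise.
# Reads column 5 of "ls -ld" (d rwx r-x ---), which is portable across
# GNU and BSD ls.
group_read_bit() {
  ls -ld "$1" | cut -c5
}

# Runs one full lifecycle with the given activation function:
#   boot (activation) -> tor starts -> reconfigure (activation again, tor
#   not restarted). Prints the group-read bit seen by a tor-group member
#   trying to reach the control cookie after the reconfigure.
simulate() {
  activate=$1
  tmp=$(mktemp -d)
  dir=$tmp/tor-data
  "$activate" "$dir"                 # boot: activation creates the directory
  tor_startup_group_readable "$dir"  # tor starts, honours the torrc option
  "$activate" "$dir"                 # guix system reconfigure, tor keeps running
  bit=$(group_read_bit "$dir")
  rm -rf "$tmp"
  echo "$bit"
}

# Stand-alone usage: prints "-" for the current behaviour (cookie unreachable
# for the tor group after reconfigure) and "r" for the patched behaviour.
echo "original: $(simulate activate_original)"
echo "patched:  $(simulate activate_patched)"
```

A member of the `tor` group can only read the control cookie if the data directory itself grants group access, so the `-` in the first line is exactly the breakage reported in the patch: after a reconfigure, only the `tor` user can reach the cookie until tor is restarted.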




