GNU bug report logs -
#47155
[PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
> On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
>
> > Currently, if you set DataDirectoryGroupReadable 1 in your torrc,
>
> What are the reasons for setting DataDirectoryGroupReadable 1?
>
When using cookie-based authentication, the cookie file is traditionally placed in the data directory. If the directory is not accessible to the group, then only the `tor` user can access the cookie and control `tor`. With this option, the cookie can be accessed by members of the `tor` group.

> > it will be respected only if tor is started up.
>
> IIUC, tor will adjust the permissions of the directory to make it
> group readable (while Guix' activation code creates the directory
> group-unreadable).
Correct. However, when doing a `guix system reconfigure`, the activation code will be called again, which changes the directory back to group unreadable, without restarting tor. `tor` itself will only set the permissions when it starts up, and will ignore the permissions while running.
>
> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)
Possibly.
Thanks
raid5atemyhomework
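
The permission drift discussed in this message can be checked for after a reconfigure. The following is an added example, not part of the original message and not code from Guix or tor: it reads `DataDirectory` and `DataDirectoryGroupReadable` from a torrc and compares the directory's mode with the expected one. The modes 0750 and 0700, the function names and the sample torrc are assumptions made for the example.

```python
import os
import stat
import tempfile

def parse_torrc(text):
    """Return (DataDirectory, group_readable) from torrc text."""
    data_dir, group_readable = None, False
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        # Assumption: a later line overrides an earlier one.
        if key == "datadirectory":
            data_dir = value
        elif key == "datadirectorygroupreadable":
            group_readable = value == "1"
    return data_dir, group_readable

def check_data_dir(torrc_text):
    """Compare the directory's mode with what the torrc asks for."""
    data_dir, group_readable = parse_torrc(torrc_text)
    if data_dir is None:
        raise ValueError("torrc has no DataDirectory line")
    mode = stat.S_IMODE(os.stat(data_dir).st_mode)
    # Assumed modes: 0750 with the option on, 0700 otherwise.
    expected = 0o750 if group_readable else 0o700
    if mode & ~expected:
        status = "too-open"   # bits set beyond what the torrc implies
    elif expected & ~mode:
        status = "drift"      # group can no longer reach the cookie
    else:
        status = "ok"
    return status, oct(mode), oct(expected)

def simulate():
    """Constructed scenario: tor start, then activation re-run."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed torrc pointing at the temporary directory.
        torrc = f"DataDirectory {d}\nDataDirectoryGroupReadable 1\n"
        os.chmod(d, 0o750)   # mode after tor starts with the option on
        after_start = check_data_dir(torrc)
        os.chmod(d, 0o700)   # activation re-run resets the mode
        after_reconfigure = check_data_dir(torrc)
    return after_start, after_reconfigure

if __name__ == "__main__":
    print(simulate())
```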
This bug report was last modified 2 years and 169 days ago.