[bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of to

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of to

From:	raid5atemyhomework
Subject:	[bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
Date:	Mon, 15 Mar 2021 11:15:36 +0000

Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be 
respected only if tor is started up.  If you reconfigure your OS without 
restarting the tor service, the directory permissions are reset due to the 
activation code being re-run and resetting the directory permissions.

This change simply does not chmod if the directory already exists.


Thanks
raid5atemyhomework


>From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Mon, 15 Mar 2021 19:10:01 +0800
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

* gnu/services/networking.scm (tor-activation): Do not change permissions
of tor data directory if it already exists.
---
 gnu/services/networking.scm | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..65d2d39f0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%"
       ;; of the "tor" group will be able to use the SOCKS socket.
       (chmod "/var/run/tor" #o750)

-      ;; Allow Tor to access the hidden services' directories.
-      (mkdir-p "/var/lib/tor")
+      ;; If the directory already exists, do not chmod it again; the user
+      ;; might have set "DataDirectoryGroupReadable 1" in the torrc.
+      ;; Without this check, a `guix system reconfigure` will cause the
+      ;; directory to lose group permissions until Tor is restarted, even
+      ;; if changes to the operating-system were unrelated to Tor.
+      (unless (file-exists? "/var/lib/tor")
+        (mkdir-p "/var/lib/tor")
+        ;; Allow only Tor and root to access the hidden services' directories.
+        (chmod "/var/lib/tor" #o700))
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
--
2.30.2

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., raid5atemyhomework <=
- [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., Maxime Devos, 2021/03/15
  - [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., raid5atemyhomework, 2021/03/15
  - [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., raid5atemyhomework, 2021/03/27
    - [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., Maxime Devos, 2021/03/27
    - [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., raid5atemyhomework, 2021/03/27
    - [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor., Maxime Devos, 2021/03/27

Prev by Date: [bug#47153] [PATCH] gnu: chez-scheme: simplify packaging
Next by Date: bug#47091: [PATCH 0/2] gnu: poetry: Update to 1.1.5.
Previous by thread: [bug#47153] [PATCH] gnu: chez-scheme: simplify packaging
Next by thread: [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
Index(es):
- Date
- Thread