On Tue, 19 Apr 2011, intrigeri wrote:
> a. Patch Tor so that one can get a group-readable+writable
> ControlSocket, be it by default or using a
> ControlSocketGroupReadableAndWritable option modeled after the
> already existing CookieAuthFileGroupReadable one.
If upstream accepted such a patch that would be perfect.
> b. In the initscript, set permissions on the ControlSocket that
> would fit our Debian system-wide daemon context.
That's racey and I don't think would work very well.
> I tend to prefer the first of these solutions, since the second one
> would be a bit ugly, and I'm not even sure it would work, e.g. if the
> process receives a SIGHUP or whatever. What do you think?
Seems like we concur.
> Also, even when umask == 0022, the parent directory (/var/run/tor) is
> created by the initscript's check_torpiddir function with 02700
> permissions. Given this function chown's it debian-tor:debian-tor, can
> we consider changing these permissions to 02770? Or do I miss the
> purpose of the debian-tor group?
There currently is no purpose of the group. Creating var/run/tor with
g+x sounds perfectly acceptable.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]